Kafka / KAFKA-9460

Enable TLSv1.2 by default and disable all other protocol versions


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:

      Description

      Support for TLS1.3 was introduced in KAFKA-7251.

      For now, only TLS1.2 and TLS1.3 are recommended for use; other versions of TLS are considered obsolete:

      https://www.rfc-editor.org/info/rfc8446
      https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
      But testing of TLS1.3 is incomplete for now.

      We should enable current versions of the TLS protocol by default to provide users with only secure implementations.

      Users can enable obsolete versions of TLS through configuration if they want to.
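
An added example, not part of the issue or Kafka's own code: a small audit that scans a Kafka properties file for `ssl.enabled.protocols` entries, broker-wide or per listener through the `listener.name.<name>.` prefix, that re-enable obsolete TLS versions. The sample file contents and listener names are constructed, and only `=`-separated properties are handled; a scope with no entry falls back to the default, which this issue sets to TLSv1.2 only from 2.5.0.

```python
import re

# Protocol names as the JVM's JSSE provider spells them.
OBSOLETE = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Matches the broker-wide key and per-listener overrides.
KEY = re.compile(r"^(?:listener\.name\.([^.]+)\.)?ssl\.enabled\.protocols$")

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# broker-wide setting
ssl.enabled.protocols = TLSv1.2
listener.name.legacy.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
listener.name.internal.ssl.enabled.protocols=TLSv1.3, TLSv1.2
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # simplification: '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_tls(text):
    """Return {scope: sorted obsolete protocols} for scopes that enable any."""
    findings = {}
    for key, value in parse_properties(text).items():
        match = KEY.match(key)
        if not match:
            continue
        scope = match.group(1) or "(default)"
        enabled = {p.strip() for p in value.split(",") if p.strip()}
        bad = sorted(enabled & OBSOLETE)
        if bad:
            findings[scope] = bad
    return findings


if __name__ == "__main__":
    for scope, bad in audit_tls(SAMPLE).items():
        print(f"{scope}: obsolete protocols enabled: {', '.join(bad)}")
```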

              People

              • Assignee:
                nizhikov Nikolay Izhikov
                Reporter:
                nizhikov Nikolay Izhikov
                Reviewer:
                Rajini Sivaram
