Kafka / KAFKA-9460

Enable TLSv1.2 by default and disable all other protocol versions


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.5.0
    • security

    Description

      Support for TLS1.3 was introduced in KAFKA-7251.

      For now, only TLS1.2 and TLS1.3 are recommended for use; other versions of TLS are considered obsolete:

      https://www.rfc-editor.org/info/rfc8446
      https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development

      But testing of TLS1.3 is incomplete for now.

      We should enable current versions of the TLS protocol by default so that users are provided only secure implementations.

      Users can enable obsolete versions of TLS through configuration if they want to.
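
An added example, not part of the ticket or the Kafka code base: a small Python audit that finds configurations which re-enable protocol versions older than TLS 1.2. It assumes the setting is Kafka's `ssl.enabled.protocols` (including per-listener `listener.name.<name>.` overrides) and that the default before 2.5.0 was `TLSv1.2,TLSv1.1,TLSv1`; the sample config is constructed.

```python
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # everything older than TLSv1.2
DEFAULT_2_5 = "TLSv1.2"                     # default after this change (per the ticket)
DEFAULT_PRE_2_5 = "TLSv1.2,TLSv1.1,TLSv1"   # assumption: default before 2.5.0


def parse_properties(text):
    """Parse the key=value subset of Java .properties used in Kafka configs."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_tls(text, implicit_default=DEFAULT_2_5):
    """Return {config key: sorted list of obsolete protocols it enables}."""
    props = parse_properties(text)
    # Match the global key and per-listener overrides
    # (listener.name.<listener>.ssl.enabled.protocols).
    enabled = {k: v for k, v in props.items()
               if k == "ssl.enabled.protocols"
               or k.endswith(".ssl.enabled.protocols")}
    # With no explicit global setting, the version's default applies.
    if "ssl.enabled.protocols" not in enabled:
        enabled["ssl.enabled.protocols (implicit default)"] = implicit_default
    findings = {}
    for key, value in enabled.items():
        protocols = {p.strip() for p in value.split(",") if p.strip()}
        bad = sorted(protocols & OBSOLETE)
        if bad:
            findings[key] = bad
    return findings


# Constructed sample: the global setting is fine, one listener opts back in.
SAMPLE = """\
# constructed broker config
ssl.enabled.protocols=TLSv1.2
listener.name.legacy.ssl.enabled.protocols = TLSv1.2, TLSv1.1,TLSv1
"""

if __name__ == "__main__":
    for key, bad in audit_tls(SAMPLE).items():
        print(f"{key}: obsolete protocols enabled: {', '.join(bad)}")
```

Passing `DEFAULT_PRE_2_5` as `implicit_default` shows what a config with no explicit setting would have enabled before this change.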


            People

              nizhikov Nikolay Izhikov
              nizhikov Nikolay Izhikov
              Rajini Sivaram Rajini Sivaram