Details
-
Task
-
Status: Open
-
Blocker
-
Resolution: Unresolved
-
None
-
None
-
None
Description
After https://reviews.apache.org/r/70795 has landed, we will continue using the legacy hostname validation scheme by default, exposing users to increased MitM risk and to hangs caused by reverse DNS lookups.
With the next major release, we should change the default to the 'openssl' scheme and remove the legacy behaviour.
Attachments
Issue Links
- is blocked by
-
MESOS-9859 Deprecate 'libprocess' hostname validation scheme
- Open
Activity
Benno Evers
created issue -
Benno Evers
made changes -
Field | Original Value | New Value |
---|---|---|
Summary | Switch default hostname validation in Mesos | Switch default hostname validation scheme in Mesos |
Benno Evers
made changes -
Priority | Major [ 3 ] | Blocker [ 1 ] |
Benno Evers
made changes -
Link | This issue is blocked by MESOS-9859 [ MESOS-9859 ] |
Benjamin Bannier
made changes -
Component/s | libprocess [ 12320300 ] |