Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
Description
I've configured SolrCloud (8.5) with both SSL and Authentication which is working correctly. However, I get the following warning in the logs
"Solr authentication is enabled, but SSL is off. Consider enabling SSL to protect user credentials and data with encryption"
Looking at the source code for SolrCloud there appears to be a bug
if (authenticationPlugin !=null && StringUtils.isNotEmpty(System.getProperty("solr.jetty.https.port")))
Rather than checking for an empty system property (which would indicate SLL is off) its checking for a populated one which is what you get when SSL is on.
This is a major issue because administrators are very concerned that Solr has been deployed in an insecure fashion.
Attachments
Issue Links
- duplicates
-
SOLR-14748 Correct SSL/Auth startup warning
- Closed