[ZOOKEEPER-3195] TLS - disable client-initiated renegotiation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.0, 3.5.5
Fix Version/s: 3.6.0, 3.5.5
Component/s: None
Labels:
- pull-request-available
- ssl-tls

Description

Client-initiated TLS renegotiation is not secure and exposes the connection to MITM attacks. Unfortunately, Java's TLS implementation allows it by default. Thankfully, it is easy to disable.

Attachments

Issue Links

links to

GitHub Pull Request #710

Activity

People

Assignee:: Ilya Maykov

Reporter:: Ilya Maykov

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Nov/18 23:28

Updated:: 20/May/19 17:50

Resolved:: 14/Jan/19 18:40

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 10m