Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3930

Security issues: config zookeeper.ssl.ciphersuites do not effect for zookeeper client

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.5.7, 3.5.8
    • Fix Version/s: None
    • Component/s: java client
    • Labels:
      None

      Description

      I have set  zookeeper.ssl.ciphersuites :TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in ZKClientConfig ,but when i dump the tcp package , i find the ciphersuites do not match what i set 

      i debug with the code of zookeeper 

      maybe it need be add 

      sslEngine.setEnabledCipherSuites(cipherSuites);   

      after red tag 1,and cipherSuites can get from  clientConfig

       

        Attachments

        1. image-2020-09-08-19-58-14-156.png
          64 kB
          xiaotong.wang
        2. image-2020-09-08-19-51-41-970.png
          54 kB
          xiaotong.wang

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              xiaotong.wang xiaotong.wang
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: