geniusjoe commented on PR #371: URL: https://github.com/apache/flume/pull/371#issuecomment-1225880720
> Thinking this through, the current behaviour is that hostname checking is enabled, since we're using the Kafka 2.0 client already. So if we were to approve this change we'd be adding in a security regression. On that basis, I think we should add in a new property, something along the lines of: `a1.channels.channel1.disableTLSHostnameVerification` and if that has been set to true then we can go and set the producer and consumer `ssl.endpoint.identification.algorithm` to blank. > > Hope this makes sense, just don't want to make things less secure than they are today, even if that means that our docs are actually wrong. Your advice also sounds reasonable. As a user, what I only need is just an option to disable the hostname checking. It's there a way to edit the document? Do i need to edit related doc content at the same time ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@flume.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
