[ https://issues.apache.org/jira/browse/RANGER-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17693014#comment-17693014 ]
Ramachandran commented on RANGER-3153: -------------------------------------- The following classes are using TLSv1.2 after the fix RangerRESTClient RangerSslHelper BaseAuditHandler RemoteUnixLoginModule DefaultSchemaRegistryClient NiFiRegistryConnectionMgr NiFiConnectionMgr When it comes to SSL connections, we should be using TLSv1.2. Indeed, it's the default SSL protocol for Java 8. And while Java 7 supports TLSv1.2, the default is TLS v1.0, which is too weak these days. [https://www.baeldung.com/java-7-tls-v12] cc >> [~mad...@apache.org] > Upgrade to TLS to version 1.2 and above > ---------------------------------------- > > Key: RANGER-3153 > URL: https://issues.apache.org/jira/browse/RANGER-3153 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Sailaja Polavarapu > Assignee: Sailaja Polavarapu > Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3153-Updated-TLS-version-to-1.2-for-ranger.patch > > > Ranger offers a TLS v1.0 protocol to provide communications security over a > computer network. > It is recommended to switch all communications to a newer version of the > protocol (v 1.2 or 1.3) which is more secure than the older versions. > Ranger's Admin Unix Auth Service(ranger.unixauth.service.port) runs on port > 5151 which found to have TLS 1.0 enabled. > TLS1.0 needs to be disabled. -- This message was sent by Atlassian Jira (v8.20.10#820010)