[ https://issues.apache.org/jira/browse/RANGER-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17693014#comment-17693014 ]

Ramachandran commented on RANGER-3153:
--------------------------------------

The following classes are using TLSv1.2 after the fix:
RangerRESTClient
RangerSslHelper
BaseAuditHandler
RemoteUnixLoginModule
DefaultSchemaRegistryClient
NiFiRegistryConnectionMgr
NiFiConnectionMgr

When it comes to SSL connections, we should be using TLSv1.2. Indeed, it's the 
default SSL protocol for Java 8.
And while Java 7 supports TLSv1.2, the default is TLS v1.0, which is too weak 
these days.
[https://www.baeldung.com/java-7-tls-v12]

cc >> [~mad...@apache.org] 

>  Upgrade to TLS to version 1.2 and above
> ----------------------------------------
>
>                 Key: RANGER-3153
>                 URL: https://issues.apache.org/jira/browse/RANGER-3153
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: 
> 0001-RANGER-3153-Updated-TLS-version-to-1.2-for-ranger.patch
>
>
> Ranger offers a TLS v1.0 protocol to provide communications security over a 
> computer network. 
> It is recommended to switch all communications to a newer version of the 
> protocol (v 1.2 or 1.3) which is more secure than the older versions.
> Ranger's Admin Unix Auth Service (ranger.unixauth.service.port) runs on port 
> 5151, which was found to have TLS 1.0 enabled.
> TLS1.0 needs to be disabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
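
An added example, not part of the original message and not taken from the Ranger patch: one way to pin a Java client or server socket to TLS 1.2 and above. The class and method names (`Tls12Only`, `allowedProtocols`) are hypothetical. It assumes that the protocol name passed to `SSLContext.getInstance` does not by itself remove older versions from a socket's enabled list, so the list is set explicitly on each socket.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; names are hypothetical and this is not Ranger's code.
public class Tls12Only {
    // Protocol versions this example is willing to negotiate, newest first.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Keep only the allowed versions that this JVM actually supports.
    static String[] allowedProtocols(String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> keep = new ArrayList<>();
        for (String p : ALLOWED) {
            if (available.contains(p)) keep.add(p);
        }
        if (keep.isEmpty()) {
            // Fail closed instead of silently falling back to TLS 1.0/1.1.
            throw new IllegalStateException("JVM supports neither TLSv1.2 nor TLSv1.3");
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key and trust managers

        // Server side: an unbound socket is enough to inspect and set protocols.
        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            System.out.println("server default: " + Arrays.toString(server.getEnabledProtocols()));
            server.setEnabledProtocols(allowedProtocols(server.getSupportedProtocols()));
            System.out.println("server pinned:  " + Arrays.toString(server.getEnabledProtocols()));
        }

        // Client side: same restriction, applied through SSLParameters.
        try (SSLSocket client = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            SSLParameters params = client.getSSLParameters();
            params.setProtocols(allowedProtocols(client.getSupportedProtocols()));
            client.setSSLParameters(params);
            System.out.println("client pinned:  " + Arrays.toString(client.getEnabledProtocols()));
        }
    }
}
```

Comparing the "server default" and "server pinned" lines on the JDK in use shows whether that runtime would still have offered older versions without the explicit restriction.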
