jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407726084
########## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ########## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: +# +# ssl.keyStore.location=/example/path/to/key-store.jks +# ssl.keyStore.password=change this value to the actual value in your installation +# ssl.trustStore.location=/example/path/to/trust-store.jks +# ssl.trustStore.password=change this value to the actual value in your installation +# ssl.hostnameVerification=false Review comment: Let's remove `ssl.hostnameVerification=false`, or note that you would only do it for testing. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services