[
https://issues.apache.org/jira/browse/ZOOKEEPER-4986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated ZOOKEEPER-4986:
--------------------------------------
Labels: pull-request-available (was: )
> Disable reverse DNS lookup in TLS client and server
> ---------------------------------------------------
>
> Key: ZOOKEEPER-4986
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4986
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.10.0, 3.9.4
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Port the property behavior from [Apache
> HBase|https://github.com/apache/hbase/commit/5baeacb7d65f8ec3386690cadbf5e091e20b7b23#diff-b8e69e4d42340619ee4cd63d9e45d7224727f78c05da70ff9ce080c1d33e36d6R157]
> which controls wether reverse DNS lookup is allowed in TLS handshake if the
> hostname is not available (e.g. connect via IP address, client hostname
> verification, etc.)
> Disable reverse DNS lookups by default for both quorum and client protocols
> to be consistent. This should be safe from backward compatibility perspective
> in a new major (minor?) version if we cut 4.0.0 from master soon. In a
> {{branch-3.9}} backport we should enable reverse lookup in the quorum
> protocol by default to support smooth transition.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
