[
https://issues.apache.org/jira/browse/KAFKA-9460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025372#comment-17025372
]
ASF GitHub Bot commented on KAFKA-9460:
---------------------------------------
rajinisivaram commented on pull request #7998: KAFKA-9460: Enable TLSv1.2 by
default and disable all others protocol versions
URL: https://github.com/apache/kafka/pull/7998
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Enable TLSv1.2 by default and disable all others protocol versions
> ------------------------------------------------------------------
>
> Key: KAFKA-9460
> URL: https://issues.apache.org/jira/browse/KAFKA-9460
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Reporter: Nikolay Izhikov
> Assignee: Nikolay Izhikov
> Priority: Major
> Labels: needs-kip
>
> In KAFKA-7251 support of TLS1.3 was introduced.
> For now, only TLS1.2 and TLS1.3 are recommended for the usage, other versions
> of TLS considered as obsolete:
> https://www.rfc-editor.org/info/rfc8446
> https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
> But testing of TLS1.3 incomplete, for now.
> We should enable actual versions of the TLS protocol by default to provide to
> the users only secure implementations.
> Users can enable obsolete versions of the TLS with the configuration if they
> want to.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
