Sure, good point. I don't want to wipe it completely, just putting it
behind a feature flag.
On Fri, 2023-06-09 at 10:03 -0700, Patrick Hunt wrote:
> "remove ZKTrustManager entirely from the codebase" - what is the
> impact on
> backward compatibility if this is done? Why wouldn't we keep this a
Hello,
We are running 3.7.1 in production and running into an "issue" that the
names of sequence nodes are not unique after the counter hits the max int
(i.e 2147483647) and overflows. I would like to start a thread to discuss
the following
1. Is this a bug or "expected" behavior?
2. Is ZK suppo
"remove ZKTrustManager entirely from the codebase" - what is the impact on
backward compatibility if this is done? Why wouldn't we keep this as an
option (not the default?) to ensure folks won't experience a "gap" when
migrating to new versions. We could phase it out over time as part of such
a pla
yeah, I remember these tickets, thanks for picking them up!
I agree and like the solution you proposed, in general in the long term it
is good not to use a custom trust manager, but rely on the standard one.
Máté
On Fri, Jun 9, 2023 at 2:08 PM Enrico Olivelli wrote:
> Il giorno ven 9 giu 2023
Il giorno ven 9 giu 2023 alle ore 14:07 Andor Molnar
ha scritto:
>
> I'd like to backport this to the 3.8 branch too.
>
> Let's say I'll add new "zookeeper.fips-mode" parameter which will be
> "false" by default in 3.8 and "true" for 3.9.0.
I am +1
ZK 3.9 will take time to be adopted and this is
I'd like to backport this to the 3.8 branch too.
Let's say I'll add new "zookeeper.fips-mode" parameter which will be
"false" by default in 3.8 and "true" for 3.9.0.
Thoughts?
Andor
On Fri, 2023-06-09 at 13:55 +0200, Enrico Olivelli wrote:
> I think that switching to
> sslParameters.setEndpoi
I think that switching to
sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); is a good
option.
The less tweaks we have about Security code the better.
It would be great to see this in 3.9.0.
Enrico
Il giorno ven 9 giu 2023 alle ore 13:42 Andor Molnar
ha scritto:
>
> Hi zk folks,
>
> Pr
Hi zk folks,
Problem(s)
==
One problem that we're having with a custom Trust Manager in ZK is that
FIPS doesn't allow that:
https://issues.apache.org/jira/browse/ZOOKEEPER-4393
In FIPS mode the only allowed TrustManager in the JDK is
X509TrustManagerImpl which is the default implementat
Hi Enrico,
I can take the master cut next week, but let me put together an email
about a TLS topic first. I'd like to propose a fix to resolve the
problem of FIPS (custome trust manager in ZK) and reverse DNS lookups.
I'd like to include it in 3.9.0 and 3.8.2.
Andor
p.s. Whoever is making a chan
Hello ZooKeepers,
I think that it is time to do a round of releases.
We should cut a release out of the master branch, 3.9.0 and main
cutting a release out of 3.7.x and 3.8.x would be useful.
Before cutting the release please ensure that third party libraries
are not reported against CVEs
This
10 matches
Mail list logo
