This is an automated email from the ASF dual-hosted git repository. luoc pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/drill-site.git
The following commit(s) were added to refs/heads/master by this push:
new 6aa229b DRILL-8177: Bump default TLS version to 1.3
6aa229b is described below
commit 6aa229b7a0366c8c36c2544cb55920d6d201b3ab
Author: Rymar Maksym <[email protected]>
AuthorDate: Sun Mar 27 13:25:10 2022 +0300
DRILL-8177: Bump default TLS version to 1.3
---
.../securing-drill/081-configuring-ssl-tls-for-encryption.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
b/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
index 013bc8c..7678d30 100644
---
a/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
+++
b/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
@@ -65,7 +65,7 @@ The following table lists the SSL configuration options with
their descriptions
| Drill Property Name | Hadoop Property Name
| System Property Name | Description
[...]
|-------------------------------------------------|---------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
| drill.exec.security.user.encryption.ssl.enabled |
| | Enable or disable TLS for Drill
client - Drill Server communication. You must set this option in
drill-override.conf.
[...]
-| drill.exec.ssl.protocol |
| | The version of the TLS protocol to
use
[...]
+| drill.exec.ssl.protocol |
| | The version of the TLS protocol to
use
[...]
| drill.exec.ssl.keyStoreType | ssl.server.keystore.type
| javax.net.ssl.keyStoreType | Format of the keystore file
[...]
| drill.exec.ssl.keyStorePath |
ssl.server.keystore.location | javax.net.ssl.keyStore | Location
of the Java keystore file containing the Drillbit’s own certificate and
private key. On Windows, the specified pathname must use forward slashes, /,
in place of backslashes.
[...]
| drill.exec.ssl.keyStorePassword |
ssl.server.keystore.password | javax.net.ssl.keyStorePassword | Password
to access the private key from the keystore file. This password is used
twice: To unlock the keystore file (store password), and to decrypt the
private key stored in the keystore (key password) unless a key password is
specified separately.
[...]
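Review bot: In the drill.exec.ssl.protocol row, the visible text of the removed and added lines is identical ("The version of the TLS protocol to use"), so the new default sits somewhere in the truncated remainder of the cell and is easy to miss when reading the table. Suggest stating the default and the accepted values at the start of the description, as the TLSProtocol row of the JDBC parameter table does. Since a changed default affects every deployment that never set this property explicitly, the description should also say what to set when the clients or the Java runtime in use cannot negotiate TLSv1.3.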
@@ -93,7 +93,7 @@ The following table lists the parameters that you can include
in the jdbc connec
| trustStorePassword | string | [Optional]
Password to the truststore.
[...]
| disableHostVerification | true/false | [Optional]
If true, we will not verify that the host in the certificate is the host we
are connecting to. False by default. (Hostname verification follows
the specification in RFC2818)
[...]
| disableCertificateVerification | true/false | [Optional]
If true we will not validate the certificate against the truststore.
False by default.
[...]
-| TLSProtocol | TLS, TLSV1, TLSv1.1, TLSv1.2 | [Optional]
Default: TLSv1.2 (recommended)
[...]
+| TLSProtocol | TLS, TLSV1, TLSv1.1, TLSv1.2, TLSv1.3 |
[Optional] Default: TLSv1.3 (recommended)
[...]
| TLSHandshakeTimeout | Time in milliseconds | [Optional]
Default: 10 seconds In some cases, the TLS handshake may fail and leave
the client hanging. This option sets the time for the client to timeout.
[...]
| TLSProvider | JDK/OPENSSL | [Optional]
Default: JDK Changes the underlying implementation to the chosen value.
[...]
| useSystemTrustStore | true/false | [Optional,
Windows only] Default: false If provided, the client will read
certificates from the Windows truststore. In this case, trustStorePath and
trustStorePassword, if specified, will be ignored. The user should set
the default provider in $JRE_HOME/lib/security/java.security to SunMSCAPI.
The trustStoreType should be set to either Windows-MY or Windows-ROOT.
[...]
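Review bot: The TLSProtocol row now recommends TLSv1.3 but still lists TLS, TLSV1 and TLSv1.1 as accepted values without any caveat. TLS 1.0 and 1.1 were deprecated by RFC 8996, so the row should mark them as legacy or discouraged rather than presenting them on equal footing with TLSv1.2 and TLSv1.3. "TLSV1" is also capitalised differently from "TLSv1.1" and the other values; confirm the spelling if the parameter is case-sensitive, otherwise normalise it to "TLSv1". Finally, please state whether a client left on the new default can still connect to a server limited to TLSv1.2, or whether TLSProtocol must then be set explicitly in the connection string.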
