This is an automated email from the ASF dual-hosted git repository.
cbickel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 939c3d7 Limit cipher suites used for Kafka SSL. (#3604)
939c3d7 is described below
commit 939c3d797b54a870efbb085c14eb7fb4201d8fbb
Author: Vadim Raskin <[email protected]>
AuthorDate: Tue May 8 09:53:41 2018 +0200
Limit cipher suites used for Kafka SSL. (#3604)
---
ansible/group_vars/all | 7 +++++++
ansible/roles/kafka/tasks/deploy.yml | 1 +
2 files changed, 8 insertions(+)
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 977d6ed..d4258b8 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -108,6 +108,13 @@ kafka:
keystore:
name: kafka-keystore.jks
password: openwhisk
+ cipher_suites:
+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
protocol: "{{ kafka_protocol_for_setup }}"
version: 0.11.0.1
port: 9072
diff --git a/ansible/roles/kafka/tasks/deploy.yml
b/ansible/roles/kafka/tasks/deploy.yml
index ae4a7df..244c997 100644
--- a/ansible/roles/kafka/tasks/deploy.yml
+++ b/ansible/roles/kafka/tasks/deploy.yml
@@ -63,6 +63,7 @@
"KAFKA_SSL_TRUSTSTORE_LOCATION": "/config/{{ kafka.ssl.keystore.name }}"
"KAFKA_SSL_TRUSTSTORE_PASSWORD": "{{ kafka.ssl.keystore.password }}"
"KAFKA_SSL_CLIENT_AUTH": "{{ kafka.ssl.client_authentication }}"
+ "KAFKA_SSL_CIPHER_SUITES": "{{ kafka.ssl.cipher_suites | join(',') }}"
# The sed script passed in CUSTOM_INIT_SCRIPT fixes a bug in the
wurstmeister dcoker image
# by patching the server.configuration file right before kafka is started.
# The script adds the missing advertized hostname to the
advertised.listener property
--
To stop receiving notification emails like this one, please contact
[email protected].
