[
https://issues.apache.org/jira/browse/FLUME-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jérémy LE BERRE updated FLUME-3315:
-----------------------------------
Priority: Major (was: Critical)
> [KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL
> enryption
> ---------------------------------------------------------------------------------------
>
> Key: FLUME-3315
> URL: https://issues.apache.org/jira/browse/FLUME-3315
> Project: Flume
> Issue Type: Bug
> Components: Configuration, Sinks+Sources
> Affects Versions: 1.9.0
> Environment: Flume 1.9.0
> Kafka 2.1.0
> Reporter: Jérémy LE BERRE
> Priority: Major
>
> The documentation says :
> {quote}Note: By default the property
> {{ssl.endpoint.identification.algorithm}} is not defined, so hostname
> verification is not performed. In order to enable hostname verification, set
> the following properties
> {code:java}
> a1.sources.source1.kafka.consumer.ssl.endpoint.identification.algorithm=HTTPS{code}
> {quote}
> But with Flume *1.9.0* this is not true anymore because since Kafka 2.0.0
> hostname verification is enable by default.
> {quote}*+Notable changes in 2.0.0+*
> ...
> The default value for {{ssl.endpoint.identification.algorithm}} was changed
> to {{https}}, which performs hostname verification (man-in-the-middle attacks
> are possible otherwise). Set {{ssl.endpoint.identification.algorithm}} to an
> empty string to restore the previous behaviour.
> {quote}
> The problem is that it is impossible to disable hostname verification since
> flume does not support empty values in configuration (cf
> {{FlumeConfiguration.addRawProperty}})
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
