[
https://issues.apache.org/jira/browse/HBASE-29444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18004027#comment-18004027
]
Istvan Toth commented on HBASE-29444:
-------------------------------------
This is not trivial.
HBase supports both JRE and tcnative via netty, so the actual supported tls
versions depends on the configured provider.
The easiest fix would be simply removing the default value and using the netty
defaults for protocol.
However, that change could allow using less secure protocols (like TLSv1.1)
compared to the current code.
> Default to Highest TLS version supported by the JRE
> ---------------------------------------------------
>
> Key: HBASE-29444
> URL: https://issues.apache.org/jira/browse/HBASE-29444
> Project: HBase
> Issue Type: Improvement
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
>
> Currently HBase defaults to TLSv1.2
> ZK now has code to detect and default to to TLSv1.3 if supported.
> Port that code to HBase.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
