ijuma commented on code in PR #18822:
URL: https://github.com/apache/kafka/pull/18822#discussion_r1944951637
##########
clients/src/main/java/org/apache/kafka/common/config/SslConfigs.java:
##########
@@ -29,14 +29,12 @@ public class SslConfigs {
*/
public static final String SSL_PROTOCOL_CONFIG = "ssl.protocol";
- public static final String SSL_PROTOCOL_DOC = "The SSL protocol used to
generate the SSLContext. "
- + "The default is 'TLSv1.3' when running with Java 11 or newer,
'TLSv1.2' otherwise. "
- + "This value should be fine for most use cases. "
- + "Allowed values in recent JVMs are 'TLSv1.2' and 'TLSv1.3'. 'TLS',
'TLSv1.1', 'SSL', 'SSLv2' and 'SSLv3' "
- + "may be supported in older JVMs, but their usage is discouraged due
to known security vulnerabilities. "
- + "With the default value for this config and 'ssl.enabled.protocols',
clients will downgrade to 'TLSv1.2' if "
- + "the server does not support 'TLSv1.3'. If this config is set to
'TLSv1.2', clients will not use 'TLSv1.3' even "
- + "if it is one of the values in ssl.enabled.protocols and the server
only supports 'TLSv1.3'.";
+ public static final String SSL_PROTOCOL_DOC = "The SSL protocol used to
generate the SSLContext. The default is 'TLSv1.3', "
+ + "which should be fine for most use cases. A typical alternative to
the default is 'TLSv1.2'. Allowed values for "
+ + "this config are dependent on the JVM. "
+ + "Clients using the defaults for this config and
'ssl.enabled.protocols' will downgrade to 'TLSv1.2' if "
Review Comment:
While I was here, I clarified this note too.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
