flume-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérémy LE BERRE (JIRA) <j...@apache.org>
Subject [jira] [Created] (FLUME-3315) [KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL enryption
Date Wed, 30 Jan 2019 14:47:00 GMT
Jérémy LE BERRE created FLUME-3315:

             Summary: [KafkaSink][KafkaSource] Impossible to disable hostname verification
with SSL enryption
                 Key: FLUME-3315
                 URL: https://issues.apache.org/jira/browse/FLUME-3315
             Project: Flume
          Issue Type: Bug
          Components: Configuration, Sinks+Sources
    Affects Versions: 1.9.0
         Environment: Flume 1.9.0

Kafka 2.1.0
            Reporter: Jérémy LE BERRE

The documentation says :
{quote}Note: By default the property {{ssl.endpoint.identification.algorithm}} is not defined,
so hostname verification is not performed. In order to enable hostname verification, set the
following properties
But with Flume *1.9.0* this is not true anymore because since Kafka 2.0.0 hostname verification
is enable by default.
{quote}*+Notable changes in 2.0.0+*
 The default value for {{ssl.endpoint.identification.algorithm}} was changed to {{https}},
which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set
{{ssl.endpoint.identification.algorithm}} to an empty string to restore the previous behaviour.
The problem is that it is impossible to disable hostname verification since flume does not
support empty values in configuration (cf {{FlumeConfiguration.addRawProperty}})

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org

View raw message