kylin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Md Mahir Asef Kabir (Jira)" <>
Subject [jira] [Created] (KYLIN-4477) Usage of "TLS" is insecure
Date Mon, 04 May 2020 01:43:00 GMT
Md Mahir Asef Kabir created KYLIN-4477:

             Summary: Usage of "TLS" is insecure
                 Key: KYLIN-4477
             Project: Kylin
          Issue Type: Improvement
            Reporter: Md Mahir Asef Kabir

*Vulnerability Description:* In “engine-mr/src/main/java/org/apache/kylin/engine/mr/common/”
file the following code was written in
private static SSLContext createEasySSLContext()
method -
SSLContext context = SSLContext.getInstance("TLS");
The vulnerability is, using "TLS” as the argument to SSLContext.getInstance method.

*Reason it’s vulnerable:* TLS 1.0 is vulnerable to man-in-the-middle attacks. For further
reference, follow [this|].

*Suggested Fix:* Using
*Feedback:* Please select any of the options down below to help us get an idea about how you
felt about the suggestion -
 # Liked it and will make the suggested changes
 # Liked it but happy with the existing version
 # Didn’t find the suggestion helpful

This message was sent by Atlassian Jira

View raw message