Date: Tue, 08 May 2018 07:53:45 +0000
To: "commits@openwhisk.apache.org"
Subject: [incubator-openwhisk] branch master updated: Limit cipher suites used for Kafka SSL. (#3604)
From: cbickel@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: incubator-openwhisk X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 1cf18d5cceadac50c83b9c611689c470f90761e5 X-Git-Newrev: 939c3d797b54a870efbb085c14eb7fb4201d8fbb X-Git-Rev: 939c3d797b54a870efbb085c14eb7fb4201d8fbb X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. cbickel pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git The following commit(s) were added to refs/heads/master by this push: new 939c3d7 Limit cipher suites used for Kafka SSL. (#3604) 939c3d7 is described below commit 939c3d797b54a870efbb085c14eb7fb4201d8fbb Author: Vadim Raskin AuthorDate: Tue May 8 09:53:41 2018 +0200 Limit cipher suites used for Kafka SSL. (#3604) --- ansible/group_vars/all | 7 +++++++ ansible/roles/kafka/tasks/deploy.yml | 1 + 2 files changed, 8 insertions(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 977d6ed..d4258b8 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -108,6 +108,13 @@ kafka: keystore: name: kafka-keystore.jks password: openwhisk + cipher_suites: + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 protocol: "{{ kafka_protocol_for_setup }}" version: 0.11.0.1 port: 9072 diff --git a/ansible/roles/kafka/tasks/deploy.yml b/ansible/roles/kafka/tasks/deploy.yml index ae4a7df..244c997 100644 --- a/ansible/roles/kafka/tasks/deploy.yml +++ b/ansible/roles/kafka/tasks/deploy.yml 
@@ -63,6 +63,7 @@ "KAFKA_SSL_TRUSTSTORE_LOCATION": "/config/{{ kafka.ssl.keystore.name }}" "KAFKA_SSL_TRUSTSTORE_PASSWORD": "{{ kafka.ssl.keystore.password }}" "KAFKA_SSL_CLIENT_AUTH": "{{ kafka.ssl.client_authentication }}" + "KAFKA_SSL_CIPHER_SUITES": "{{ kafka.ssl.cipher_suites | join(',') }}" # The sed script passed in CUSTOM_INIT_SCRIPT fixes a bug in the wurstmeister dcoker image # by patching the server.configuration file right before kafka is started. # The script adds the missing advertized hostname to the advertised.listener property -- To stop receiving notification emails like this one, please contact cbickel@apache.org.
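Review bot: In the ansible/group_vars/all hunk, four of the six entries added under `cipher_suites` are CBC-mode suites, and two of those (`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`) use a SHA-1 HMAC. CBC suites in TLS are the ones affected by padding-oracle issues such as Lucky13, so if every Kafka client in the deployment can negotiate the two `..._AES_128_GCM_SHA256` entries, the list could be reduced to those. If the CBC entries are kept for compatibility, a short comment above the list saying which client needs them would help the next person who tightens it. The list also gives no reason why only AES_128 suites were chosen, which is worth a line in the same comment.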
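Review bot: In the ansible/roles/kafka/tasks/deploy.yml hunk, the added line `"KAFKA_SSL_CIPHER_SUITES": "{{ kafka.ssl.cipher_suites | join(',') }}"` reads `kafka.ssl.cipher_suites` with no fallback, so an environment whose own vars override `kafka.ssl` without the new key will fail at templating with an undefined variable. Either guard the lookup with a `default(...)` filter whose value is a deliberate choice, or document the new variable as required for custom environments. An empty list would render as an empty string here, so it is also worth stating whether that case is supported, since it would no longer limit the suites as the commit title intends.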