Hello, Rajini. Yes, we can!
I have to write another KIP that goal will be keep only TLSv1.2 and TLSv1.3 in SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS Is it correct? > 17 янв. 2020 г., в 14:13, Rajini Sivaram <rajinisiva...@gmail.com> написал(а): > > Hi Nikolay, > > Can we split this KIP into two: > 1) Remove insecure TLS protocols from the default values > 2) Enable TLSv1.3 > > Since we are coming up to KIP freeze for 2.5.0 release, it will be good if > we can get at least the first one into 2.5.0. It would be a much smaller > change and won't get blocked behind TLSv1.3 testing. > > Thank you, > > Rajini > > On Tue, Jan 7, 2020 at 11:49 AM Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > >> Hi Nikolay, >> >> There a couple of things you could do: >> >> 1) Run all system tests that use SSL with TLSv1.3. I had run a subset, but >> it will be good to run all of them. You can do this locally using docker >> with JDK 11 by updating the files in tests/docker. You will need to update >> tests/kafkatest/services/security/security_config.py to enable only >> TLSv1.3. Instructions for running system tests using docker are in >> https://github.com/apache/kafka/blob/trunk/tests/README.md. >> 2) For integration tests, we run a small number of tests using TLSv1.3 if >> the tests are run using JDK 11 and above. We need to do this for system >> tests as well. There is an open JIRA: >> https://issues.apache.org/jira/browse/KAFKA-9319. Feel free to assign >> this to yourself if you have time to do this. >> >> Regards, >> >> Rajini >> >> >> On Tue, Jan 7, 2020 at 5:15 AM Николай Ижиков <nizhi...@apache.org> wrote: >> >>> Hello, Rajini. >>> >>> Can you, please, clarify, what should be done? >>> I can try to do tests by myself. >>> >>>> 6 янв. 2020 г., в 21:29, Rajini Sivaram <rajinisiva...@gmail.com> >>> написал(а): >>>> >>>> Hi Brajesh. >>>> >>>> No one is working on this yet, but will follow up with the Confluent >>> tools >>>> team to see when this can be done. >>>> >>>> On Mon, Jan 6, 2020 at 3:29 PM Brajesh Kumar <kbrajesh...@gmail.com> >>> wrote: >>>> >>>>> Hello Rajini, >>>>> >>>>> What is the plan to run system tests using JDK 11? Is someone working >>> on >>>>> this? >>>>> >>>>> On Mon, Jan 6, 2020 at 3:00 PM Rajini Sivaram <rajinisiva...@gmail.com >>>> >>>>> wrote: >>>>> >>>>>> Hi Nikolay, >>>>>> >>>>>> We can leave the KIP open and restart the discussion once system tests >>>>> are >>>>>> running. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Rajini >>>>>> >>>>>> On Mon, Jan 6, 2020 at 2:46 PM Николай Ижиков <nizhi...@apache.org> >>>>> wrote: >>>>>> >>>>>>> Hello, Rajini. >>>>>>> >>>>>>> Thanks, for the feedback. >>>>>>> >>>>>>> Should I mark this KIP as declined? >>>>>>> Or just wait for the system tests results? >>>>>>> >>>>>>>> 6 янв. 2020 г., в 17:26, Rajini Sivaram <rajinisiva...@gmail.com> >>>>>>> написал(а): >>>>>>>> >>>>>>>> Hi Nikolay, >>>>>>>> >>>>>>>> Thanks for the KIP. We currently run system tests using JDK 8 and >>>>> hence >>>>>>> we >>>>>>>> don't yet have full system test results with TLS 1.3 which requires >>>>> JDK >>>>>>> 11. >>>>>>>> We should wait until that is done before enabling TLS1.3 by default. >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> Rajini >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Dec 30, 2019 at 5:36 AM Николай Ижиков <nizhi...@apache.org >>>> >>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello, Team. >>>>>>>>> >>>>>>>>> Any feedback on this KIP? >>>>>>>>> Do we need this in Kafka? >>>>>>>>> >>>>>>>>>> 24 дек. 2019 г., в 18:28, Nikolay Izhikov <nizhi...@apache.org> >>>>>>>>> написал(а): >>>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> I'd like to start a discussion of KIP. >>>>>>>>>> Its goal is to enable TLSv1.3 and disable obsolete versions by >>>>>> default. >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>> >>>>>> >>>>> >>> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=142641956 >>>>>>>>>> >>>>>>>>>> Your comments and suggestions are welcome. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> Brajesh Kumar >>>>> >>> >>>
