To be more concrete, here are the ciphers supported by TLS 1.3: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
Compare with TLS 1.2: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA So, if TLS 1.3 is added to the list by Kafka, it would seem that it would not work if the user specified a list of cipher suites for previous TLS versions. Will the client do the right thing and always negotiate TLS 1.2 in these cases? A safer approach may be to only add TLS 1.3 to the list if the cipher suite config has not been specified. Ismael On Mon, May 18, 2020 at 7:34 AM Ismael Juma <ism...@juma.me.uk> wrote: > Nikolay, > > Thanks for the comments. More below: > > 1. I meant that `ssl.protocol` is TLSv1.2 while `ssl.enabled.protocols` is > `TLSv1.2, TLSv1.3`. How do these two configs interact? > 2. My question is not about obsolete protocols, it is about people using > TLS 1.2 with specified cipher suites. How will that behave when TLS 1.3 is > enabled by default? > 3. An additional question is how does this impact Java 8 users? Java 8 > will receive TLS 1.3 support later this year ( > https://java.com/en/jre-jdk-cryptoroadmap.html), but it currently does > not support it. One way to handle this would be to check if the underlying > JVM supports TLS 1.3 before enabling it. > > I hope this clarifies my questions. > > Ismael > > On Mon, May 18, 2020 at 6:44 AM Nikolay Izhikov <nizhi...@apache.org> > wrote: > >> Hello, Ismael. >> >> Here is answers to your questions: >> >> > Quick question, the following is meant to include TLSv1.3 as well, >> right? >> > Change the value of the SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS to >> «TLSv1.2» >> >> I propose to have the following value >> SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS = «TLSv1.2,TLSv.1.3» >> >> > 1. `ssl.protocol` would remain TLSv1.2 with this change. It would be >> good to explain why that's OK. >> >> I think it covered by the following statements in KIP. >> If you know more trustworthy sources of this kind of information, please, >> let me know. >> >> ``` >> For now, only TLS1.2 and TLS1.3 are recommended for the usage, other >> versions of TLS considered as obsolete: >> • https://www.rfc-editor.org/info/rfc8446 >> • >> https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development >> >> ``` >> >> > 2. What is the behavior for people who have configured >> `ssl.cipher.suites`? >> > The cipher suite names are different in TLS 1.3. What would be the >> behavior >> > if the client requests TLS 1.3, but the server only has cipher suites >> for >> > TLS 1.2? It would be good to explain the expected behavior and add >> tests to verify it. >> >> I think those users should update >> `SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS` and enable required(but >> obsolete) version of TLS they use. >> After one should migrate to the reliable TLS version. >> This reflected in the KIP: >> >> ``` >> Migration: Users who are using TLSv1.1 and TLSv1 should enable these >> versions of the protocol with the explicit configuration property >> "ssl.enabled.protocols" >> ``` >> >> > 25 февр. 2020 г., в 08:57, Nikolay Izhikov <nizhikov....@gmail.com> >> написал(а): >> > >> > Hello. >> > >> > Any feedback on this? >> > >> > This change seems very simple, I can start vote right now if nothing to >> discuss here. >> > >> >> 21 февр. 2020 г., в 15:18, Nikolay Izhikov <nizhikov....@gmail.com> >> написал(а): >> >> >> >> Hello, >> >> >> >> I'd like to start a discussion of KIP [1] >> >> This is follow-up for the KIP-553 [2] >> >> >> >> Its goal is to enable TLSv1.3 by default. >> >> >> >> Your comments and suggestions are welcome. >> >> >> >> [1] >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-573%3A+Enable+TLSv1.3+by+default >> >> [2] >> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=142641956 >> > >> >>
