[
https://issues.apache.org/jira/browse/KAFKA-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542437#comment-14542437
]
Sriharsha Chintalapani commented on KAFKA-1690:
-----------------------------------------------
[~junrao] Supporting renegotiation in tls/sslv3 is considered harmful and there
are known vulnerabilities (CVE-2009-3555).
The plan is to provide the same security guarantees of commodity HTTPS
implementation. Yes, we rely on restarting the cluster or forcing the client to
reconnect in case of revocation of certificates similar to what today's HTTPS
implementations do.
> new java producer needs ssl support as a client
> -----------------------------------------------
>
> Key: KAFKA-1690
> URL: https://issues.apache.org/jira/browse/KAFKA-1690
> Project: Kafka
> Issue Type: Sub-task
> Reporter: Joe Stein
> Assignee: Sriharsha Chintalapani
> Fix For: 0.8.3
>
> Attachments: KAFKA-1690.patch, KAFKA-1690.patch,
> KAFKA-1690_2015-05-10_23:20:30.patch, KAFKA-1690_2015-05-10_23:31:42.patch,
> KAFKA-1690_2015-05-11_16:09:36.patch, KAFKA-1690_2015-05-12_16:20:08.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
