[ https://issues.apache.org/jira/browse/KAFKA-3665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15273931#comment-15273931 ]

Ismael Juma commented on KAFKA-3665:
------------------------------------

Thanks [~rsivaram]. I agree that this could catch some people. However, note 
that our documentation currently states:

"Ensure that common name (CN) matches exactly with the fully qualified domain 
name (FQDN) of the server. The client compares the CN with the DNS domain name 
to ensure that it is indeed connecting to the desired server, not the malicious 
one."

So, I would claim that it's a bug that we don't do it. I updated the upgrade 
note in the PR to mention how to restore the old behaviour (as per your 
suggestion).

> Default ssl.endpoint.identification.algorithm should be https
> -------------------------------------------------------------
>
>                 Key: KAFKA-3665
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3665
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.1
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>             Fix For: 0.10.0.0
>
>
> The default `ssl.endpoint.identification.algorithm` is `null` which is not a 
> secure default (man in the middle attacks are possible).
> We should probably use `https` instead. A more conservative alternative would 
> be to update the documentation instead of changing the default.
> A paper on the topic (thanks to Ryan Pridgeon for the reference): 
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
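
How the setting discussed in this issue maps onto JSSE, as an added example that is not part of the original message or of Kafka's code base. The class and helper names are hypothetical, and `broker1.example.com:9093` is a constructed sample address.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Properties;

public class EndpointIdentificationExample {

    static final String KEY = "ssl.endpoint.identification.algorithm";

    // Hypothetical helper: builds a client-mode SSLEngine from client properties.
    static SSLEngine clientEngine(SSLContext ctx, Properties props, String host, int port) {
        // The peer host passed here is the name JSSE compares with the certificate.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        String algorithm = props.getProperty(KEY); // null when the key is not set
        if (algorithm != null && !algorithm.isEmpty()) {
            // With an algorithm set, the default trust manager checks the server
            // name during the handshake, in addition to validating the chain.
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm(algorithm);
            engine.setSSLParameters(params);
        }
        return engine;
    }

    // True when the engine will compare the certificate with the peer host name.
    static boolean verifiesHostname(SSLEngine engine) {
        String algorithm = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return algorithm != null && !algorithm.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        Properties unset = new Properties();   // key absent: the null default
        Properties https = new Properties();
        https.setProperty(KEY, "https");       // the value proposed in the issue

        SSLEngine a = clientEngine(ctx, unset, "broker1.example.com", 9093);
        SSLEngine b = clientEngine(ctx, https, "broker1.example.com", 9093);

        // Chain validation alone accepts any certificate the truststore trusts,
        // whatever host it was issued for; only the second engine checks the name.
        System.out.println("unset -> hostname verified: " + verifiesHostname(a));
        System.out.println("https -> hostname verified: " + verifiesHostname(b));
    }
}
```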
