[
https://issues.apache.org/jira/browse/KAFKA-3665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15275926#comment-15275926
]
Jun Rao commented on KAFKA-3665:
--------------------------------
Interesting, the difference is that in https, if a VIP is used, all client
requests go through the VIP. However, in Kafka's case, only the initial
metadata request goes through the VIP. Subsequent requests go to the broker
directly. For the client to verify the broker's host name, does that mean the
broker's certificate needs to include both the VIP and the broker's host name
in SubjectAltNames? What about the client certificate?
> Default ssl.endpoint.identification.algorithm should be https
> -------------------------------------------------------------
>
> Key: KAFKA-3665
> URL: https://issues.apache.org/jira/browse/KAFKA-3665
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.1
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Fix For: 0.10.0.0
>
>
> The default `ssl.endpoint.identification.algorithm` is `null` which is not a
> secure default (man in the middle attacks are possible).
> We should probably use `https` instead. A more conservative alternative would
> be to update the documentation instead of changing the default.
> A paper on the topic (thanks to Ryan Pridgeon for the reference):
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
