Status
Current state: Under discussion
Discussion thread: Dev-list discussion
JIRA: KAFKA-9320
Motivation
Support for TLS1.3 was introduced in KAFKA-7251.
...
- https://www.rfc-editor.org/info/rfc8446
- https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
However, testing of TLS1.3 is incomplete for now.
We should enable only current versions of the TLS protocol by default, so that users get only secure implementations out of the box.
Users can still enable obsolete versions of TLS through configuration if they want to.
Public Interfaces
There are no changes in public interfaces.
Proposed Changes
Change the value of the SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS to "TLSv1.3,TLSv1.2"
Compatibility, Deprecation, and Migration Plan
Compatibility: There are no compatibility issues.
...
Deprecation: TLSv1.1 and TLSv1 will become deprecated.
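An added example, not part of the KIP or of Kafka's code: a small Python audit that reads a broker or client properties file and reports which ssl.enabled.protocols settings still list the versions deprecated above, applying the proposed default when the key is unset. The sample file and the function names are constructed for illustration; the parser is a simplified reading of the .properties format (no line continuations), and matching prefixed keys (such as listener-prefixed overrides) by suffix is an assumption about where the setting may appear.

```python
import re

PROPOSED_DEFAULT = "TLSv1.3,TLSv1.2"   # default value proposed on this page
OBSOLETE = {"TLSv1.1", "TLSv1"}        # versions this page marks as deprecated
KEY = "ssl.enabled.protocols"          # config key behind the default above

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed broker config
listeners=INTERNAL://:9092,EXTERNAL://:9093
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
listener.name.external.ssl.enabled.protocols = TLSv1.3,TLSv1.2
"""


def parse_properties(text):
    """Simplified .properties parser: comments, '=' or ':' separators."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit_enabled_protocols(text, default=PROPOSED_DEFAULT):
    """Map each protocol setting to its effective list and obsolete entries."""
    props = parse_properties(text)
    # Assumption: prefixed variants of the key end with ".ssl.enabled.protocols".
    keys = [k for k in props if k == KEY or k.endswith("." + KEY)]
    if KEY not in keys:
        keys.append(KEY)               # unset: the default applies
    report = {}
    for key in keys:
        explicit = key in props
        value = props[key] if explicit else default
        protocols = [p.strip() for p in value.split(",") if p.strip()]
        report[key] = {
            "explicit": explicit,
            "effective": protocols,
            "obsolete": [p for p in protocols if p in OBSOLETE],
        }
    return report


if __name__ == "__main__":
    for key, info in audit_enabled_protocols(SAMPLE).items():
        print(key, info)
```

Passing a different `default` shows what an unset key would resolve to under another default list.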
Rejected Alternatives
There are no rejected alternatives.
...