[improve][broker-web&websocket&proxy&function-worker] Full-support set ssl provider, ciphers and protocols #13740
/pulsarbot run-failure-checks
LGTM
@nodece - would you please add a README.md file to the resources directories where the certificates and the .jks files are added explaining how they were created/generated? Adding this documentation will help any future troubleshooting that might be necessary for these tests, and it'll help someone verify the files, if they would like to do so. Thanks!
I've asked the question offline before. It looks like these binaries are copied from #13354 (I'm not sure why the sizes are a little different), whose documents will be added later. I'm just wondering whether there is a good way to reference the same resources in two modules?
Thanks for your point! I want to do this in the next PR; we have multiple public certificates and keystore files in Pulsar, and these also need to be improved.
@eolivelli Could you help review this PR?
LGTM
Thanks for clarifying @BewareMyPower and @nodece. It makes sense to add in another PR, especially if we have multiple resources to document.
@michaeljmarshall Thanks, could you approve this PR? Then I will do these things.
LGTM
/pulsarbot rerun-failure-checks
/pulsarbot run-failure-checks
…t ssl provider, ciphers and protocols Signed-off-by: Zixuan Liu <[email protected]>
Signed-off-by: Zixuan Liu <[email protected]>
Force-pushed to rebase onto the master branch.
/pulsarbot run-failure-checks
…t ssl provider, ciphers and protocols (#13740) Fixes #13734 Pulsar doesn't set ssl provider, ciphers and protocols to the web, websocket and proxy service when `tlsEnabledWithKeyStore=false` - Add `org.apache.pulsar.jetty.tls` package in pulsar-broker-common for Jetty TLS support - Add a new `webServiceTlsProvider=Conscrypt` to broker and proxy config - Update `Conscrypt` as the `tlsProvider` value in websocket config In the old version, we implicitly use the `Conscrypt` provider, now we need to set it explicitly. (cherry picked from commit bf15e83)
…t ssl provider, ciphers and protocols (apache#13740) Fixes apache#13734 Pulsar doesn't set ssl provider, ciphers and protocols to the web, websocket and proxy service when `tlsEnabledWithKeyStore=false` - Add `org.apache.pulsar.jetty.tls` package in pulsar-broker-common for Jetty TLS support - Add a new `webServiceTlsProvider=Conscrypt` to broker and proxy config - Update `Conscrypt` as the `tlsProvider` value in websocket config In the old version, we implicitly use the `Conscrypt` provider, now we need to set it explicitly. (cherry picked from commit bf15e83) (cherry picked from commit fb0cb76)
…t ssl provider, ciphers and protocols (apache#13740) Fixes apache#13734 Pulsar doesn't set ssl provider, ciphers and protocols to the web, websocket and proxy service when `tlsEnabledWithKeyStore=false` - Add `org.apache.pulsar.jetty.tls` package in pulsar-broker-common for Jetty TLS support - Add a new `webServiceTlsProvider=Conscrypt` to broker and proxy config - Update `Conscrypt` as the `tlsProvider` value in websocket config In the old version, we implicitly use the `Conscrypt` provider, now we need to set it explicitly. (cherry picked from commit bf15e83) (cherry picked from commit b28f541)
Signed-off-by: Zixuan Liu [email protected]
Fixes #13734
Motivation
Pulsar doesn't set ssl provider, ciphers and protocols to the web, websocket and proxy service when `tlsEnabledWithKeyStore=false`
Modifications
- Add `org.apache.pulsar.jetty.tls` package in pulsar-broker-common for Jetty TLS support
- Add a new `webServiceTlsProvider=Conscrypt` to broker and proxy config
- Update `Conscrypt` as the `tlsProvider` value in websocket config

In the old version, we implicitly use the `Conscrypt` provider, now we need to set it explicitly.
Documentation
Need to update docs?
doc-required
Effected version
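An operator-side check for the gap this PR describes, as an added example that is not part of the original post or of Pulsar's code: it audits a broker or proxy `.conf` for the non-keystore TLS path. The key names `tlsProtocols` and `tlsCiphers`, the `false` default for `tlsEnabledWithKeyStore`, the finding codes and the sample configs are assumptions made for illustration.

```python
# Added example (not Pulsar code). Key names tlsProtocols and tlsCiphers and the
# "false" default for tlsEnabledWithKeyStore are assumptions; the other keys
# are quoted from the PR description.
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def csv(conf, key):
    """Split a comma-separated setting into trimmed, non-empty items."""
    return [v.strip() for v in conf.get(key, "").split(",") if v.strip()]

def audit_web_tls(text):
    """Return finding codes for the web/websocket/proxy TLS settings."""
    conf = parse_conf(text)
    findings = []
    protocols, ciphers = csv(conf, "tlsProtocols"), csv(conf, "tlsCiphers")
    if conf.get("tlsEnabledWithKeyStore", "false").lower() != "true":
        # Non-keystore path: the one this PR changes.
        if not conf.get("webServiceTlsProvider"):
            findings.append("provider-not-explicit")
        if protocols or ciphers:
            # Per the PR, builds without the change do not apply these here.
            findings.append("confirm-build-includes-13740")
    if not protocols:
        findings.append("protocols-unrestricted")
    weak = sorted(set(protocols) & WEAK_PROTOCOLS)
    if weak:
        findings.append("weak-protocols:" + ",".join(weak))
    return findings

# Constructed sample configs, not taken from the PR.
LEGACY = """
tlsEnabledWithKeyStore=false
tlsProtocols=TLSv1.2,TLSv1.1
tlsCiphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
EXPLICIT = """
tlsEnabledWithKeyStore=false
webServiceTlsProvider=Conscrypt
tlsProtocols=TLSv1.3,TLSv1.2
"""

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("explicit", EXPLICIT)):
        print(name, audit_web_tls(sample))
```

A `confirm-build-includes-13740` finding means the restriction exists only in the file; confirm against the running service that a handshake with a disallowed protocol is actually refused.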