Support Questions

Find answers, ask questions, and share your expertise

TLSv1.3 Support for Zookeeper 3.8.0

avatar
New Contributor

I had set the properties in zoo.cfg below to enable TLSv1.3 on zookeper 3.8.0 , but in the logs I see that zookeeper is connected to other zookeeper node on TLSv1.2 that is the default version. I want to know how can I enable TLSv1.3 on zookeeper 3.8.0

zookeeper.ssl.protocol=TLSv1.3
zookeeper.ssl.quorum.protocol=TLSv1.3

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Hello @kaps_zk Are you using Cloudera data platform or some other platform? Per our Cloudera Document, TLS v1.3 is not supported in any of our distribution. 

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/installation/topics/cdpdc-networking-security... 

 

If ZooKeeper 3.8.0 supports TLS v1.3 and all ZK clients needs to use TLS connections, you can make TLSv1.3 as default TLS protocol. You can enforce it by updating "$JAVA_HOME/jre/lib/security/java.security" file and alter "jdk.tls.disabledAlgorithms" values as suggested in below link in all ZK Servers -  - https://support.bizzdesign.com/display/knowledge/Disabling+old+TLS+versions+used+by+Java+Open+JDK 

 

You need to ensure the JDK version in all the ZK Servers also supports TLSv1.3

 

View solution in original post

3 REPLIES 3

avatar
Community Manager

@kaps_zk Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Zookeeper experts @smdas @PabitraDas   who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar
Expert Contributor

Hello @kaps_zk Are you using Cloudera data platform or some other platform? Per our Cloudera Document, TLS v1.3 is not supported in any of our distribution. 

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/installation/topics/cdpdc-networking-security... 

 

If ZooKeeper 3.8.0 supports TLS v1.3 and all ZK clients needs to use TLS connections, you can make TLSv1.3 as default TLS protocol. You can enforce it by updating "$JAVA_HOME/jre/lib/security/java.security" file and alter "jdk.tls.disabledAlgorithms" values as suggested in below link in all ZK Servers -  - https://support.bizzdesign.com/display/knowledge/Disabling+old+TLS+versions+used+by+Java+Open+JDK 

 

You need to ensure the JDK version in all the ZK Servers also supports TLSv1.3

 

avatar
Community Manager

@kaps_zk Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.  Thanks.


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: