Created 07-07-2023 12:46 AM
I had set the properties in zoo.cfg below to enable TLSv1.3 on zookeper 3.8.0 , but in the logs I see that zookeeper is connected to other zookeeper node on TLSv1.2 that is the default version. I want to know how can I enable TLSv1.3 on zookeeper 3.8.0
zookeeper.ssl.protocol=TLSv1.3
zookeeper.ssl.quorum.protocol=TLSv1.3
Created 07-08-2023 03:09 AM
Hello @kaps_zk Are you using Cloudera data platform or some other platform? Per our Cloudera Document, TLS v1.3 is not supported in any of our distribution.
If ZooKeeper 3.8.0 supports TLS v1.3 and all ZK clients needs to use TLS connections, you can make TLSv1.3 as default TLS protocol. You can enforce it by updating "$JAVA_HOME/jre/lib/security/java.security" file and alter "jdk.tls.disabledAlgorithms" values as suggested in below link in all ZK Servers - - https://support.bizzdesign.com/display/knowledge/Disabling+old+TLS+versions+used+by+Java+Open+JDK
You need to ensure the JDK version in all the ZK Servers also supports TLSv1.3
Created 07-07-2023 05:00 AM
@kaps_zk Welcome to the Cloudera Community!
To help you get the best possible solution, I have tagged our Zookeeper experts @smdas @PabitraDas who may be able to assist you further.
Please keep us updated on your post, and we hope you find a satisfactory solution to your query.
Regards,
Diana Torres,Created 07-08-2023 03:09 AM
Hello @kaps_zk Are you using Cloudera data platform or some other platform? Per our Cloudera Document, TLS v1.3 is not supported in any of our distribution.
If ZooKeeper 3.8.0 supports TLS v1.3 and all ZK clients needs to use TLS connections, you can make TLSv1.3 as default TLS protocol. You can enforce it by updating "$JAVA_HOME/jre/lib/security/java.security" file and alter "jdk.tls.disabledAlgorithms" values as suggested in below link in all ZK Servers - - https://support.bizzdesign.com/display/knowledge/Disabling+old+TLS+versions+used+by+Java+Open+JDK
You need to ensure the JDK version in all the ZK Servers also supports TLSv1.3
Created 07-13-2023 12:52 PM
@kaps_zk Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.
Regards,
Diana Torres,