lucene-dev mailing list archives

From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-7889) Secure ZooKeeper should be easy and the default
Date Mon, 29 Jul 2019 07:35:00 GMT


Jan Høydahl commented on SOLR-7889:

ZK 3.5.5 adds secureClientPort, so it should already be possible to use SSL.
However, in ZK 3.6 there will be something called *port unification* which allows using the
same port for both normal and encrypted traffic, and the zkClient lib will adapt automatically
just by telling it to use SSL. That will provide for a better end user experience when migrating
a non-SSL ZK ensemble to an SSL one, since you can just upgrade ZK and then flip clients to
SSL one at a time. The same will go for AdminServer.
But we should first document the current state, as it could take years for a new ZK version
to be released :)

> Secure ZooKeeper should be easy and the default
> -----------------------------------------------
>                 Key: SOLR-7889
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jan Høydahl
>            Priority: Critical
>              Labels: security, zookeeper
> ZooKeeper security is documented at
> but is not trivial to set up, see
> As we enable more and more security stuff, securing ZK should be easier to do and ideally
> the default. This is an umbrella for such improvements.
> When all of this is in place and working, perhaps even Solr should refuse to start if
> Auth/Autz plugins are in use and ZK communication is not properly protected, e.g. require
> {{bin/solr start --insecure}} to override.

This message was sent by Atlassian JIRA
