Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26580

For JNLP slaves the master-slave communication should be encrypted

    XMLWordPrintable

Details

    Description

      For more details about the requirements and possible implementation refer to:
      https://groups.google.com/forum/#!topic/jenkinsci-dev/Q1KMOSE1IEc

      Attachments

        Issue Links

          Activity

            aaron312 Aaron Curley added a comment -

            Great! Good to know.

            aaron312 Aaron Curley added a comment - Great! Good to know.

            Hi oleg_nenashev,

            Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from?

            Thanks,
            Marko

            marko_andrijevic Marko Andrijevic added a comment - Hi oleg_nenashev , Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from? Thanks, Marko
            oleg_nenashev Oleg Nenashev added a comment -

            marko_andrijevic So the fix is...

            1) Download Jenkins 2.32.1+
            2) Update Remoting on agents to 3.0+
            3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration

            BTW, JENKINS-45841 will disable old protocols by default in new installations

            oleg_nenashev Oleg Nenashev added a comment - marko_andrijevic So the fix is... 1) Download Jenkins 2.32.1+ 2) Update Remoting on agents to 3.0+ 3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration BTW, JENKINS-45841 will disable old protocols by default in new installations

            Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read.

            Regards,
            Marko

            marko_andrijevic Marko Andrijevic added a comment - Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read. Regards, Marko
            oleg_nenashev Oleg Nenashev added a comment -

            marko_andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

            oleg_nenashev Oleg Nenashev added a comment - marko_andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

            People

              akshay_abd akshay_abd
              akshay_abd akshay_abd
              Votes:
              6 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: