[JENKINS-26580] For JNLP slaves the master-slave communication should be encrypted - Jenkins Jira

XML

Word

Printable

Details

Type: Improvement
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: core
Labels:

Similar Issues:

Show

Description

For more details about the requirements and possible implementation refer to:
https://groups.google.com/forum/#!topic/jenkinsci-dev/Q1KMOSE1IEc

Attachments

Issue Links

depends on

JENKINS-31718 JNLP slaves can fail to correctly negotiate a transport

Closed

is related to

JENKINS-33886 Can only connect one JNLP3 slave per IP address

Resolved

JENKINS-45841 Disable JNLP1/JNLP2/CLI1 by default on new installations

Resolved

links to

PR 2010

Activity

Ascending order - Click to sort in descending order

View 19 older comments

Aaron Curley added a comment - 2016-09-15 02:19

Great! Good to know.

Aaron Curley added a comment - 2016-09-15 02:19 Great! Good to know.

Marko Andrijevic added a comment - 2017-08-07 12:52

Hi oleg_nenashev,

Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from?

Thanks,
Marko

Marko Andrijevic added a comment - 2017-08-07 12:52 Hi oleg_nenashev , Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from? Thanks, Marko

Oleg Nenashev added a comment - 2017-08-07 13:06

marko_andrijevic So the fix is...

1) Download Jenkins 2.32.1+
2) Update Remoting on agents to 3.0+
3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration

BTW, ~~JENKINS-45841~~ will disable old protocols by default in new installations

Oleg Nenashev added a comment - 2017-08-07 13:06 marko_andrijevic So the fix is... 1) Download Jenkins 2.32.1+ 2) Update Remoting on agents to 3.0+ 3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration BTW, JENKINS-45841 will disable old protocols by default in new installations

Marko Andrijevic added a comment - 2017-08-07 13:39

Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read.

Regards,
Marko

Marko Andrijevic added a comment - 2017-08-07 13:39 Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read. Regards, Marko

Oleg Nenashev added a comment - 2017-08-07 14:17

marko_andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

Oleg Nenashev added a comment - 2017-08-07 14:17 marko_andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

People

Assignee:: akshay_abd

Reporter:: akshay_abd

Votes:: 6 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 2015-01-23 19:45

Updated:: 2017-08-07 14:17

Resolved:: 2016-03-09 16:11