Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26580

For JNLP slaves the master-slave communication should be encrypted

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      For more details about the requirements and possible implementation refer to:
      https://groups.google.com/forum/#!topic/jenkinsci-dev/Q1KMOSE1IEc

        Attachments

          Issue Links

            Activity

            Hide
            aaron312 Aaron Curley added a comment -

            Great! Good to know.

            Show
            aaron312 Aaron Curley added a comment - Great! Good to know.
            Hide
            marko_andrijevic Marko Andrijevic added a comment -

            Hi Oleg Nenashev,

            Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from?

            Thanks,
            Marko

            Show
            marko_andrijevic Marko Andrijevic added a comment - Hi Oleg Nenashev , Can you please reference Jenkins Master/Slave software version that contains the fix for this issue and the location where fixed version(s) can be downloaded from? Thanks, Marko
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Marko Andrijevic So the fix is...

            1) Download Jenkins 2.32.1+
            2) Update Remoting on agents to 3.0+
            3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration

            BTW, JENKINS-45841 will disable old protocols by default in new installations

            Show
            oleg_nenashev Oleg Nenashev added a comment - Marko Andrijevic So the fix is... 1) Download Jenkins 2.32.1+ 2) Update Remoting on agents to 3.0+ 3) Disable JNLP1/JNLP2/CLI1 protocols in the Global Security Configuration BTW, JENKINS-45841 will disable old protocols by default in new installations
            Hide
            marko_andrijevic Marko Andrijevic added a comment -

            Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read.

            Regards,
            Marko

            Show
            marko_andrijevic Marko Andrijevic added a comment - Thank you very much for fast response Oleg! Can you please also let me know how can I verify that TLS is really in use in Master/Slave communication? I'm already using Wireshark to inspect communication, but since this is a binary protocol, I can't tell for sure if the content is encrypted or just difficult to read. Regards, Marko
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Marko Andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

            Show
            oleg_nenashev Oleg Nenashev added a comment - Marko Andrijevic JNLP4 works only through TLS. If you disable other protocols, it should be enough.

              People

              • Assignee:
                akshay_abd akshay_abd
                Reporter:
                akshay_abd akshay_abd
              • Votes:
                6 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: