ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doroszlai, Attila (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-17666) Ambari agent can't start when TLSv1 is disabled in Java security
Date Fri, 16 Dec 2016 14:49:58 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-17666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Doroszlai, Attila updated AMBARI-17666:
---------------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Ambari agent can't start when TLSv1 is disabled in Java security
> ----------------------------------------------------------------
>
>                 Key: AMBARI-17666
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17666
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent
>    Affects Versions: 2.2.0
>            Reporter: Tuong Truong
>            Assignee: Dmitry Lysnichenko
>              Labels: security
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-17666_test_trunk.patch
>
>
> Currently, the commit for https://issues.apache.org/jira/browse/AMBARI-14236 explicit
force the SSL protocol to TLSv1 in  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py.
 Unfortunate, this setting in effect whenever web_alert pacackged is loaded (ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py)
regardless whether ssl is used or not. 
> As a result, disabling TLSv1 in Ambari server will cause the agent to fail to start.
> Recreate:
> In Ambari's acitve JDK on Ambari server node, in java.security file, set jdk.tls.disabledAlgorithms=MD5,
SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize < 2048
> restart ambari-server, and you will see errors in ambari agent logs:
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF occurred in violation
of protocol
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect. Please check
openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message