ambari-issues mailing list archives

From "Sandor Magyari (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-20583) Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above
Date Tue, 28 Mar 2017 17:13:42 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-20583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945565#comment-15945565 ]

Sandor Magyari commented on AMBARI-20583:
-----------------------------------------

Committed to trunk: 

{code}
commit 165ec700f0f4e5c83a30bb7591df0fa1a8cfec9a
Author: Attila Magyar <amagyar@hortonworks.com>
Date:   Tue Mar 28 19:10:40 2017 +0200

    AMBARI-20583. Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above (Attila Magyar via sandor_magyari)
{code}

> Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above
> ------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20583
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20583
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.5.1
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>             Fix For: 2.5.1
>
>         Attachments: AMBARI-20583.patch
>
>
> Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above.
> This can already be done by manually editing the ambari-env.sh file (/var/lib/ambari-server/ambari-env.sh) and adding the following to the AMBARI_JVM_ARGS environment variable:
> -Djdk.tls.ephemeralDHKeySize=2048
> The jdk.tls.ephemeralDHKeySize property is only available in Java VM versions 1.8 and above. However, it may not be supported by all Java vendors. Both Oracle and OpenJDK JVMs appear to support it.
> See https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys for more information.
> To help users set this value, Ambari should provide a property in the ambari.properties file. If a supported JVM is in use, Ambari should internally set the System property (before creating the embedded web server) as specified by the user. A possible Ambari property name could be security.server.tls.ephemeral_dh_key_size. If not set, its default value should be 2048.
> To test the Ephemeral DH key size, the OpenSSL s_client utility may be used to query the Ambari server's HTTPS port(s):
> openssl s_client -connect `hostname -f`:8441 -cipher "EDH"



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
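
The s_client test described in the issue can be turned into a pass/fail check. The following is an added example, not part of the original message or the Ambari patch: it reads `openssl s_client` output and compares the reported ephemeral DH size with the 2048-bit default proposed in the issue. The function names and sample handshake excerpts are constructed for illustration, and it assumes the `Server Temp Key: DH, N bits` line that s_client prints.

```shell
#!/bin/sh
# Added example: verify the ephemeral DH key size from `openssl s_client` output.
MIN_DH_BITS=2048   # default value proposed in the issue

# Print the DH "Server Temp Key" size in bits from s_client output on stdin.
# Prints nothing when no DH temp key was reported (ECDH/TLS 1.3 handshake, or failure).
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# Return 0 if the DH key is >= MIN_DH_BITS, 1 if smaller, 2 if none was seen.
check_dh() {
    bits=$(dh_bits)
    if [ -z "$bits" ]; then
        echo "UNKNOWN: no ephemeral DH key in handshake output" >&2
        return 2
    fi
    if [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "WEAK: ephemeral DH key is $bits bits (minimum $MIN_DH_BITS)" >&2
        return 1
    fi
    echo "OK: ephemeral DH key is $bits bits"
}

# Constructed s_client excerpts (not captured from a real server).
sample_weak() {
    printf '%s\n' '---' 'No client certificate CA names sent' \
        'Server Temp Key: DH, 1024 bits' '---'
}
sample_ok() {
    printf '%s\n' '---' 'No client certificate CA names sent' \
        'Server Temp Key: DH, 2048 bits' '---'
}
sample_ecdh() {
    printf '%s\n' '---' 'Server Temp Key: ECDH, P-256, 256 bits' '---'
}

sample_ok | check_dh

# Live check against the port used in the issue:
#   openssl s_client -connect "$(hostname -f)":8441 -cipher "EDH" </dev/null 2>/dev/null | check_dh
```

An exit status of 2 means the handshake did not use finite-field DHE at all, so the `jdk.tls.ephemeralDHKeySize` setting was not exercised by that connection.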
