Return-Path: 
 <common-commits-return-46527-apmail-hadoop-common-commits-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org
Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C6F0618482
	for <apmail-hadoop-common-commits-archive@www.apache.org>;
 Mon, 22 Feb 2016 19:47:29 +0000 (UTC)
Received: (qmail 72460 invoked by uid 500); 22 Feb 2016 19:47:21 -0000
Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org
Received: (qmail 72166 invoked by uid 500); 22 Feb 2016 19:47:21 -0000
Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-commits-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-commits-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-commits@hadoop.apache.org>
List-Id: <common-commits.hadoop.apache.org>
Reply-To: common-dev@hadoop.apache.org
Delivered-To: mailing list common-commits@hadoop.apache.org
Received: (qmail 70746 invoked by uid 99); 22 Feb 2016 19:47:20 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2016 19:47:20 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id C076EE0415; Mon, 22 Feb 2016 19:47:20 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: arp@apache.org
To: common-commits@hadoop.apache.org
Date: Mon, 22 Feb 2016 19:47:45 -0000
Message-Id: <2f7dd1a73e6e45738f1fe212d4fee220@git.apache.org>
In-Reply-To: <7839982659ae4ff6bd79ac8b2f5987b7@git.apache.org>
References: <7839982659ae4ff6bd79ac8b2f5987b7@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [26/50] [abbrv] hadoop git commit: HADOOP-12817. Enable TLS v1.1 and
 1.2 (rkanter)

HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a365a394
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a365a394
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a365a394

Branch: refs/heads/HDFS-1312
Commit: a365a3941cf96a31c289cb22678a602738880f74
Parents: 5d1889a
Author: Robert Kanter <rkanter@apache.org>
Authored: Thu Feb 18 11:09:50 2016 -0800
Committer: Robert Kanter <rkanter@apache.org>
Committed: Thu Feb 18 11:09:50 2016 -0800

----------------------------------------------------------------------
 hadoop-common-project/hadoop-common/CHANGES.txt                  | 2 ++
 .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++-
 .../hadoop-common/src/main/resources/core-default.xml            | 4 ++--
 .../src/site/markdown/EncryptedShuffle.md                        | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 9269960..41ba87d 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED
     HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs
     (Wei-Chiu Chuang via iwasakims)
 
+    HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
+
   BUG FIXES
 
     HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing

http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
index edec347..518de80 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator {
 
   public static final String SSL_ENABLED_PROTOCOLS =
       "hadoop.ssl.enabled.protocols";
-  public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1";
+  public static final String DEFAULT_SSL_ENABLED_PROTOCOLS =
+      "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";
 
   private Configuration conf;
   private Mode mode;

http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index 34e1236..dd4919c 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does.
 
 <property>
   <name>hadoop.ssl.enabled.protocols</name>
-  <value>TLSv1</value>
+  <value>TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2</value>
   <description>
-    Protocols supported by the ssl.
+    The supported SSL protocols.
   </description>
 </property>
 

http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
----------------------------------------------------------------------
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
index fddd84f..f679781 100644
--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
+++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
@@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
 | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
 | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
 | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
-| `hadoop.ssl.enabled.protocols` | `TLSv1` | The supported SSL protocols (JDK6 can use **TLSv1**, JDK7+ can use **TLSv1,TLSv1.1,TLSv1.2**) |
+| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
 
 **IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.