hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tsuyoshi OZAWA <ozawa.tsuyo...@gmail.com>
Subject Re: [jira] [Created] (HADOOP-11260) Patch up Jetty to disable SSLv3
Date Mon, 03 Nov 2014 16:34:35 GMT
Hi Brend,

Could you write your comment on JIRA? Sometimes discussion on separate
places can occur confusion.

Thanks,
- Tsuyoshi

On Mon, Nov 3, 2014 at 4:30 AM, Bernd Eckenfels <ecki@zusammenkunft.net> wrote:
> Am Sun, 2 Nov 2014 19:27:33 +0000 (UTC)
> schrieb "Karthik Kambatla (JIRA)" <jira@apache.org>:
>
>> Hadoop uses an older version of Jetty that allows SSLv3. We should
>> fix it up.
>
> What about TLSv1.0 - in a contained eco system it might be good to aim
> for "modern compatibility":
>
> https://wiki.mozilla.org/Security/Server_Side_TLS
>
> It was only a near miss, that BEAST did not compromise TLSv1.0
>
> Greetings
> Bernd



-- 
- Tsuyoshi

Mime
View raw message