hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijay Singh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11218) Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory
Date Fri, 02 Oct 2015 05:34:27 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14940784#comment-14940784
] 

Vijay Singh commented on HADOOP-11218:
--------------------------------------

Please find the result of tests carried out.
{noformat}
[root@vjs-1 ~]# diff /opt/myclient/hadoop-httpfs/tomcat-conf.https/conf/server.xml /opt/myclient/hadoop-httpfs/tomcat-conf.https/conf/server_tls1.xml 
73c73
<                clientAuth="false" sslEnabledProtocols=“TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
---
>                clientAuth="false" sslEnabledProtocols="TLSv1,SSLv2Hello"

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1 -CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem
| grep Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1_1 -CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem
| grep -i Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1_2 -CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem
| grep -i Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported
{noformat}


> Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory
> ----------------------------------------------
>
>                 Key: HADOOP-11218
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11218
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.7.0
>            Reporter: Robert Kanter
>            Priority: Critical
>
> HADOOP-11217 required us to specifically list the versions of TLS that KMS supports.
With Hadoop 2.7 dropping support for Java 6 and Java 7 supporting TLSv1.1 and TLSv1.2, we
should add them to the list.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message