hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Akira Ajisaka (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15169) "hadoop.ssl.enabled.protocols" should be considered in httpserver2
Date Wed, 12 Dec 2018 11:18:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718809#comment-16718809
] 

Akira Ajisaka commented on HADOOP-15169:
----------------------------------------

In Apache Hadoop 3.x, the Jetty version is greater than 9.3.12 and it only accepts TLS 1.2
by default. I don't want to add a setting to accept TLS 1.1 or older protocols to create a
security hole for now. When we have migrated to Java 11 and Jetty 9.4.x to use TLS 1.3, then
we can add the setting for Jetty server.

On the other hand, in Apache Hadoop 2.x, adding the setting for HttpServer2 makes sense to
me. That way we can avoid using SSLv2Hello, TLSv1, or TLSv1.1 in HttpServer2.

> "hadoop.ssl.enabled.protocols" should be considered in httpserver2
> ------------------------------------------------------------------
>
>                 Key: HADOOP-15169
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15169
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Brahma Reddy Battula
>            Assignee: Brahma Reddy Battula
>            Priority: Major
>         Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.patch
>
>
> As of now *hadoop.ssl.enabled.protocols"* will not take effect for all the http servers(
only Datanodehttp server will use this config).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message