hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijay Singh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7275) Add TLSv1.1,TLSv1.2 to HttpFS
Date Fri, 02 Oct 2015 05:10:26 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14940770#comment-14940770
] 

Vijay Singh commented on HDFS-7275:
-----------------------------------

Hi Robert,
I have tested this code change in my local and it works fine. I am attaching the patch for
everyone's review and feedback. Please let me know in case of any suggestions, I will complete
those changes.
For now the change involves modifying file hadoop/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml.conf
to include entries for TLSv1.1 and TLSv1.2 on line 73.
This patch is required for couple of clients as they have their clients running curl on ubuntu
or RHEL7 that offers clients to specify tls level while fetching data from httpFs.

Please provide feedback if any.
The code snippted change looks as follows:
{code:ssl-server.xml.conf|borderStyle=solid}
<Connector port="${httpfs.http.port}" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslEnabledProtocols="TLSv1,+*TLSv1.1,TLSv1.2,*+SSLv2Hello"
               keystoreFile="${httpfs.ssl.keystore.file}"
               keystorePass="_httpfs_ssl_keystore_pass_"/>
{code}
 

> Add TLSv1.1,TLSv1.2 to HttpFS
> -----------------------------
>
>                 Key: HDFS-7275
>                 URL: https://issues.apache.org/jira/browse/HDFS-7275
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>    Affects Versions: 2.7.0
>            Reporter: Robert Kanter
>            Assignee: Vijay Singh
>
> HDFS-7274 required us to specifically list the versions of TLS that HttpFS supports.
With Hadoop 2.7 dropping support for Java 6 and Java 7 supporting TLSv1.1 and TLSv1.2, we
should add them to the list.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message