hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mate Szalay-Beko (Jira)" <j...@apache.org>
Subject [jira] [Work started] (HBASE-25993) Make excluded SSL cipher suites configurable for all Web UIs
Date Thu, 10 Jun 2021 14:08:00 GMT

     [ https://issues.apache.org/jira/browse/HBASE-25993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Work on HBASE-25993 started by Mate Szalay-Beko.
------------------------------------------------
> Make excluded SSL cipher suites configurable for all Web UIs
> ------------------------------------------------------------
>
>                 Key: HBASE-25993
>                 URL: https://issues.apache.org/jira/browse/HBASE-25993
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.4
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> When starting a jetty http server, one can explicitly exclude certain (unsecure) SSL
cipher suites. This can be especially important, when the HBase cluster needs to be compliant
with security regulations (e.g. FIPS).
> Currently it is possible to set the excluded ciphers for the ThriftServer ("hbase.thrift.ssl.exclude.cipher.suites")
or for the RestServer ("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure
it for the regular InfoServer started by e.g. the master or region servers.
> In this commit I want to introduce a new configuration "ssl.server.exclude.cipher.list"
to configure the excluded cipher suites for the http server started by the InfoServer. This
parameter has the same name and will work in the same way, as it was already implemented in
hadoop (e.g. for hdfs/yarn). See: HADOOP-12668, HADOOP-14341



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message