szetszwo commented on PR #6739:
URL: https://github.com/apache/hadoop/pull/6739#issuecomment-2060155541

   > the pr cuts out all bouncy castle init. What will break?
   
   @steveloughran, thanks for looking at this! As mentioned in
`core-default.xml`, could we ask admins to set java.security when they set
`hadoop.security.crypto.jce.provider`? The hard-coded approach, which currently
forces everyone to use a particular version of the BouncyCastle provider, is
incorrect. It disallows configuring the Java security provider and also
disallows setting a more secure security provider.
   
   ```java
   +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
   @@ -3623,6 +3623,9 @@ The switch to turn S3A auditing on or off.
      <value></value>
      <description>
        The JCE provider name used in CryptoCodec.
   +    If this value is set, the corresponding provider must be added to the 
provider list.
   +    The provider may be added statically in the java.security file, or
   +    added dynamically by calling the java.security.Security.addProvider(..) 
method.
      </description>
    </property>
   ```
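
Review bot: The added description lines say the provider "must be added to the provider list" but not what happens when `hadoop.security.crypto.jce.provider` names a provider that is not registered. Suggest stating the resulting behaviour in the description, and noting that the value has to match the name the provider registers under. Since the quoted question says the PR cuts out all Bouncy Castle init, a sentence aimed at deployments that already set this property to that provider would make the required java.security or `Security.addProvider(..)` step explicit for them.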

