This is an automated email from the ASF dual-hosted git repository. ctubbsii pushed a commit to branch 1.8 in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/1.8 by this push: new e059c54 Make TLSv1.2 the default (#417) e059c54 is described below commit e059c54553e7d095799be15c993cec7c31ed54e5 Author: Christopher Tubbs <ctubb...@apache.org> AuthorDate: Mon Apr 9 16:40:26 2018 -0400 Make TLSv1.2 the default (#417) When Accumulo's RPC is configured for SSL/TLS, the connections will use TLSv1.2 by default (instead of TLSv1 or TLSv1.1). --- core/src/main/java/org/apache/accumulo/core/conf/Property.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java index eea039f..1eed867 100644 --- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java +++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java @@ -130,11 +130,9 @@ public enum Property { + "javax.net.ssl.* Accumulo properties"), RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING, "Comma separated list of cipher suites that can be used by accepted connections"), - RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1,TLSv1.1,TLSv1.2", - PropertyType.STRING, + RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1.2", PropertyType.STRING, "Comma separated list of protocols that can be used to accept connections"), - // TLSv1.2 should be used as the default when JDK6 support is dropped - RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1", PropertyType.STRING, + RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1.2", PropertyType.STRING, "The protocol used to connect to a secure server, must be in the list of enabled protocols " + "on the server side (rpc.ssl.server.enabled.protocols)"), /** @@ -580,8 +578,8 @@ public enum Property { MONITOR_SSL_EXCLUDE_CIPHERS("monitor.ssl.exclude.ciphers", "", PropertyType.STRING, "A comma-separated list of disallowed SSL Ciphers, see" + " monitor.ssl.include.ciphers to allow ciphers"), - MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1,TLSv1.1,TLSv1.2", - PropertyType.STRING, "A comma-separate list of allowed SSL protocols"), + MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1.2", PropertyType.STRING, + "A comma-separate list of allowed SSL protocols"), MONITOR_LOCK_CHECK_INTERVAL("monitor.lock.check.interval", "5s", PropertyType.TIMEDURATION, "The amount of time to sleep between checking for the Montior ZooKeeper lock"), -- To stop receiving notification emails like this one, please contact ctubb...@apache.org.