AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered when Ambari starts up (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/430ecee6 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/430ecee6 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/430ecee6 Branch: refs/heads/branch-feature-AMBARI-18901 Commit: 430ecee6139c413faee7a8ed14a988181688cd54 Parents: 745d105 Author: Robert Levas <[email protected]> Authored: Wed Nov 16 14:42:23 2016 -0500 Committer: Robert Levas <[email protected]> Committed: Wed Nov 16 14:42:23 2016 -0500 ---------------------------------------------------------------------- .../java/org/apache/ambari/server/controller/AmbariServer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/430ecee6/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java index 537ebc5..a581c19 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java @@ -788,7 +788,7 @@ public class AmbariServer { private void disableInsecureProtocols(SslContextFactory factory) { // by default all protocols should be available factory.setExcludeProtocols(); - factory.setIncludeProtocols(new String[] { "SSLv2Hello", "TLSv1" }); + factory.setIncludeProtocols(new String[] {"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"}); if (!configs.getSrvrDisabledCiphers().isEmpty()) { String[] masks = configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
