Repository: ranger Updated Branches: refs/heads/master f1a71e0a9 -> 6cf1471c2
RANGER-2131:Ranger UserSync port (ie 5151) supports TLSv1.0 Signed-off-by: Mehul Parikh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6cf1471c Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6cf1471c Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6cf1471c Branch: refs/heads/master Commit: 6cf1471c240930d33a4d3334a2d011a9dfd22ea8 Parents: f1a71e0 Author: Nikhil P <[email protected]> Authored: Thu Jun 14 18:43:24 2018 +0530 Committer: Mehul Parikh <[email protected]> Committed: Mon Jun 18 09:06:58 2018 +0530 ---------------------------------------------------------------------- unixauthservice/conf.dist/ranger-ugsync-default.xml | 4 ++++ .../ranger/authentication/UnixAuthenticationService.java | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/6cf1471c/unixauthservice/conf.dist/ranger-ugsync-default.xml ----------------------------------------------------------------------
diff --git a/unixauthservice/conf.dist/ranger-ugsync-default.xml b/unixauthservice/conf.dist/ranger-ugsync-default.xml
index c02be51..e2e014b 100644
--- a/unixauthservice/conf.dist/ranger-ugsync-default.xml
+++ b/unixauthservice/conf.dist/ranger-ugsync-default.xml
@@ -26,6 +26,10 @@
 <value>true</value>
 </property>
 <property>
+ <name>ranger.usersync.https.ssl.enabled.protocols</name>
+ <value>SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2</value>
+ </property>
+ <property>
 <name>ranger.usersync.passwordvalidator.path</name>
 <value>./native/credValidator.uexe</value>
 </property>
http://git-wip-us.apache.org/repos/asf/ranger/blob/6cf1471c/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java ----------------------------------------------------------------------
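Review bot: The shipped default for the new `ranger.usersync.https.ssl.enabled.protocols` property still lists `SSLv2Hello`, `TLSv1` and `TLSv1.1`, so an installation that takes the defaults keeps accepting TLSv1.0 on the UserSync port, which is the condition the commit title describes. The property only makes the set configurable; consider shipping `<value>TLSv1.2</value>` and documenting that older versions have to be opted into explicitly. The same literal is repeated as `defaultEnabledProtocols` in the UnixAuthenticationService.java hunk at -191, so both places need to change together.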
diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index 6ed2174..45834f4 100644
--- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -29,6 +29,7 @@ import java.net.Socket;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Properties;
@@ -70,6 +71,7 @@ public class UnixAuthenticationService {
 private static final String CREDSTORE_FILENAME_PARAM = "ranger.usersync.credstore.filename";
 private String keyStorePath;
+ private List<String> enabledProtocolsList;
 private String keyStorePathPassword;
 private String trustStorePath;
 private String trustStorePathPassword;
@@ -191,7 +193,9 @@ public class UnixAuthenticationService {
 String SSLEnabledProp = prop.getProperty(SSL_ENABLED_PARAM);
 SSLEnabled = (SSLEnabledProp != null && (SSLEnabledProp.equalsIgnoreCase("true")));
-
+ String defaultEnabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
+ String enabledProtocols = prop.getProperty("ranger.usersync.https.ssl.enabled.protocols", defaultEnabledProtocols);
+ enabledProtocolsList=new ArrayList<String>(Arrays.asList(enabledProtocols.toUpperCase().trim().split("\\s*,\\s*")));
 // LOG.info("Key:" + keyStorePath);
 // LOG.info("KeyPassword:" + keyStorePathPassword);
 // LOG.info("TrustStore:" + trustStorePath);
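Review bot: The value parsed in the hunk at -191 is never validated, so a misspelled or empty `ranger.usersync.https.ssl.enabled.protocols` yields a list that matches none of the socket's protocols, and the filter in the later hunk at -273 would then leave `allowedProtocols` empty; what the code does with an empty set is outside the visible lines. Logging the effective list once at startup and rejecting a list with no recognised entry would surface the misconfiguration before the first connection. The key is also an inline literal while the neighbouring settings use `*_PARAM` constants; `private static final String SSL_ENABLED_PROTOCOLS_PARAM = "ranger.usersync.https.ssl.enabled.protocols";` would match them, and `toUpperCase(Locale.ROOT)` keeps the comparison independent of the host locale. The enclosing method starts and ends outside the hunk.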
@@ -273,7 +277,7 @@ public class UnixAuthenticationService {
 String[] protocols = secureSocket.getEnabledProtocols();
 Set<String> allowedProtocols = new HashSet<String>();
 for(String ep : protocols) {
- if (! ep.toUpperCase().startsWith("SSLV3")) {
+ if (enabledProtocolsList.contains(ep.toUpperCase())){
 LOG.info("Enabling Protocol: [" + ep + "]");
 allowedProtocols.add(ep);
 }
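Review bot: Replacing the `startsWith("SSLV3")` exclusion with a pure allowlist removes the unconditional SSLv3 block: if the property lists SSLv3 and the JVM still has it among the socket's enabled protocols, the loop will now keep it. Retaining the floor next to the allowlist costs one condition, `String p = ep.toUpperCase(); if (enabledProtocolsList.contains(p) && !p.startsWith("SSLV3")) {`. A short comment above the loop stating that the result is the intersection of the JVM-enabled protocols and the configured list would also help the next reader. The rest of the method, including the call that applies `allowedProtocols`, is outside the hunk.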
