[
https://issues.apache.org/jira/browse/HADOOP-14083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15868443#comment-15868443
]
Allen Wittenauer commented on HADOOP-14083:
-------------------------------------------
It seems like a really bad idea to support weak SSL ciphers given KMS is for
security. In the specific case of curl, I'm 99% certain that curl's cipher
usage is specifically tied to the version of OpenSSL in use as well as what
options are used on the command line. (This is one of the reasons why many
people build their own versions of curl, etc on systems such as OS X, which are
known to have old versions of OpenSSL installed.)
> KMS should support old SSL clients
> ----------------------------------
>
> Key: HADOOP-14083
> URL: https://issues.apache.org/jira/browse/HADOOP-14083
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.8.0, 2.7.4, 2.6.6
> Reporter: John Zhuge
> Assignee: John Zhuge
> Priority: Minor
>
> HADOOP-13812 upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL
> clients such as curl stop working. The symptom is {{NSS error -12286}} when
> running {{curl -v}}.
> Instead of forcing the SSL clients to upgrade, we can configure Tomcat to
> explicitly allow enough weak ciphers so that old SSL clients can work.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
