[ 
https://issues.apache.org/jira/browse/HADOOP-14340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

John Zhuge updated HADOOP-14340:
--------------------------------
    Attachment: HADOOP-14340.001.patch

Patch 001
* Call excludeCiphers in loadSSLConfiguration

Test log
{noformat}
# Start KMS and HttpFS using the configuration in config/ssl
$ ./pseudo_dist start config/ssl
…
$ sslscan 127.0.0.1:9600 > /tmp/kms.ssl
$ sslscan 127.0.0.1:14000 > /tmp/httpfs.ssl

# Restart KMS and HttpFS using the configuration in config/ssl_1
$ ./pseudo_dist restart config/ssl_1
…
$ sslscan 127.0.0.1:9600 > /tmp/kms.ssl_1
$ sslscan 127.0.0.1:14000 > /tmp/httpfs.ssl_1

# The only difference between the 2 config dirs is the extra cipher to exclude
$ diff config/{ssl,ssl_1}/ssl-server.xml
60a61
>   TLS_RSA_WITH_AES_128_GCM_SHA256,

# The extra cipher is properly excluded by KMS
$ diff /tmp/kms.ssl /tmp/kms.ssl_1
31d30
< Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256

# The extra cipher is properly excluded by HttpFS
$ diff /tmp/httpfs.ssl /tmp/httpfs.ssl_1
31d30
< Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
{noformat}

> Enable KMS and HttpFS to exclude SSL ciphers
> --------------------------------------------
>
>                 Key: HADOOP-14340
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14340
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 3.0.0-alpha2
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>            Priority: Minor
>         Attachments: HADOOP-14340.001.patch
>
>
> HADOOP-12668 added {{HttpServer2$Builder#excludeCiphers}} to exclude SSL 
> ciphers. Enable KMS and HttpFS to use this feature by modifying 
> {{HttpServer2$Builder#loadSSLConfiguration}} called by both.
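
The before/after comparison in the test log above can be scripted as a pass/fail check. This is an added example, not part of the original message or of the Hadoop patch. It assumes plain-text sslscan reports without colour codes; the helper names, the small name-translation table and the sample report lines are constructed for illustration.

```shell
# Translate a JSSE/IANA suite name (the form used in ssl-server.xml) to the
# OpenSSL name sslscan prints. Small illustrative table, extend as needed.
iana_to_openssl() {
  case "$1" in
    TLS_RSA_WITH_AES_128_GCM_SHA256) echo AES128-GCM-SHA256 ;;
    TLS_RSA_WITH_AES_256_GCM_SHA384) echo AES256-GCM-SHA384 ;;
    TLS_RSA_WITH_AES_128_CBC_SHA)    echo AES128-SHA ;;
    TLS_RSA_WITH_AES_256_CBC_SHA)    echo AES256-SHA ;;
    TLS_RSA_WITH_3DES_EDE_CBC_SHA)   echo DES-CBC3-SHA ;;
    *) return 1 ;;
  esac
}

# still_accepted EXCLUDE_LIST SCAN_FILE
# Prints each excluded suite the scan still reports as accepted, or
# UNMAPPED:<name> when the table has no translation. Exit status 0 = clean.
still_accepted() {
  rc=0
  for name in $(printf '%s' "$1" | tr ',' ' '); do
    if ! ossl=$(iana_to_openssl "$name"); then
      echo "UNMAPPED:$name"; rc=1; continue
    fi
    # Report line: "Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256"
    # Match the cipher field exactly so AES128-SHA does not match AES128-SHA256.
    if awk -v c="$ossl" '($1 == "Accepted" || $1 == "Preferred") && $5 == c { f = 1 }
                         END { exit !f }' "$2"; then
      echo "$name"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample reports (not real scan output) for a before/after check.
before=$(mktemp); after=$(mktemp)
cat > "$before" <<'EOF'
Preferred TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA256
EOF
grep -v 'AES128-GCM-SHA256' "$before" > "$after"

excl='TLS_RSA_WITH_AES_128_CBC_SHA,
  TLS_RSA_WITH_AES_128_GCM_SHA256,'
still_accepted "$excl" "$before" || echo "before: exclusion not enforced"
still_accepted "$excl" "$after"  && echo "after: all excluded suites rejected"
```

An unmapped name is reported as a failure rather than skipped, so a gap in the translation table cannot pass as a clean scan.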


