[ https://issues.apache.org/jira/browse/HADOOP-14340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Zhuge updated HADOOP-14340: -------------------------------- Attachment: HADOOP-14340.001.patch Patch 001 * Call excludeCiphers in loadSSLConfiguration Test log {noformat} # Start KMS and HttpFS using the configuration in config/ssl $ ./pseudo_dist start config/ssl … $ sslscan 127.0.0.1:9600 > /tmp/kms.ssl $ sslscan 127.0.0.1:14000 > /tmp/httpfs.ssl # Restart KMS and HttpFS using the configuration in config/ssl_1 $ ./pseudo_dist restart config/ssl_1 … $ sslscan 127.0.0.1:9600 > /tmp/kms.ssl_1 $ sslscan 127.0.0.1:14000 > /tmp/httpfs.ssl_1 # The only difference between the 2 config dirs is the extra cipher to exclude $ diff config/{ssl,ssl_1}/ssl-server.xml 60a61 > TLS_RSA_WITH_AES_128_GCM_SHA256, # The extra cipher is properly excluded by KMS $ diff /tmp/kms.ssl /tmp/kms.ssl_1 31d30 < Accepted TLSv1.2 128 bits AES128-GCM-SHA256 # The extra cipher is properly excluded by HttpFS $ diff /tmp/httpfs.ssl /tmp/httpfs.ssl_1 31d30 < Accepted TLSv1.2 128 bits AES128-GCM-SHA256 {noformat} > Enable KMS and HttpFS to exclude SSL ciphers > -------------------------------------------- > > Key: HADOOP-14340 > URL: https://issues.apache.org/jira/browse/HADOOP-14340 > Project: Hadoop Common > Issue Type: Improvement > Components: kms > Affects Versions: 3.0.0-alpha2 > Reporter: John Zhuge > Assignee: John Zhuge > Priority: Minor > Attachments: HADOOP-14340.001.patch > > > HADOOP-12668 added {{HttpServer2$Builder#excludeCiphers}} to exclude SSL > ciphers. Enable KMS and HttpFS to use this feature by modifying > {{HttpServer2$Builder#loadSSLConfiguration}} calld by both. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org