[ 
https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718809#comment-16718809
 ] 

Akira Ajisaka commented on HADOOP-15169:
----------------------------------------

In Apache Hadoop 3.x, the Jetty version is greater than 9.3.12 and it only 
accepts TLS 1.2 by default. I don't want to add a setting to accept TLS 1.1 or 
older protocols to create a security hole for now. When we have migrated to 
Java 11 and Jetty 9.4.x to use TLS 1.3, then we can add the setting for Jetty 
server.

On the other hand, in Apache Hadoop 2.x, adding the setting for HttpServer2 
makes sense to me. That way we can avoid using SSLv2Hello, TLSv1, or TLSv1.1 in 
HttpServer2.

> "hadoop.ssl.enabled.protocols" should be considered in httpserver2
> ------------------------------------------------------------------
>
>                 Key: HADOOP-15169
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15169
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Brahma Reddy Battula
>            Assignee: Brahma Reddy Battula
>            Priority: Major
>         Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.patch
>
>
> As of now *"hadoop.ssl.enabled.protocols"* will not take effect for all the 
> http servers (only Datanode http server will use this config).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
