[ https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718809#comment-16718809 ]
Akira Ajisaka commented on HADOOP-15169:
----------------------------------------

In Apache Hadoop 3.x, the Jetty version is greater than 9.3.12 and it only accepts TLS 1.2 by default. I don't want to add a setting to accept TLS 1.1 or older protocols to create a security hole for now. When we have migrated to Java 11 and Jetty 9.4.x to use TLS 1.3, then we can add the setting for Jetty server.

On the other hand, in Apache Hadoop 2.x, adding the setting for HttpServer2 makes sense to me. That way we can avoid using SSLv2Hello, TLSv1, or TLSv1.1 in HttpServer2.

> "hadoop.ssl.enabled.protocols" should be considered in httpserver2
> ------------------------------------------------------------------
>
>                 Key: HADOOP-15169
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15169
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Brahma Reddy Battula
>            Assignee: Brahma Reddy Battula
>            Priority: Major
>         Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.patch
>
>
> As of now *hadoop.ssl.enabled.protocols"* will not take effect for all the
> http servers (only Datanodehttp server will use this config).

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
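As an added illustration (not the attached HADOOP-15169 patch and not Hadoop code), here is how a comma-separated protocol list such as the value of `hadoop.ssl.enabled.protocols` can be applied to a JSSE `SSLEngine` on the server side. The class name, the helper `applyEnabledProtocols`, the sample value and the choice to drop the three legacy protocol names are assumptions of this example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class EnabledProtocolsDemo {
    // Protocol names the comment above wants to avoid in HttpServer2.
    static final Set<String> LEGACY =
        new HashSet<>(Arrays.asList("SSLv2Hello", "TLSv1", "TLSv1.1"));

    // Hypothetical helper: restrict the engine to the configured list,
    // dropping legacy names and names this JVM does not support.
    static String[] applyEnabledProtocols(SSLEngine engine, String configured) {
        Set<String> supported =
            new HashSet<>(Arrays.asList(engine.getSupportedProtocols()));
        List<String> enable = new ArrayList<>();
        for (String raw : configured.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) {
                continue;
            }
            if (LEGACY.contains(name)) {
                System.err.println("dropping legacy protocol: " + name);
            } else if (!supported.contains(name)) {
                System.err.println("not supported by this JVM: " + name);
            } else if (!enable.contains(name)) {
                enable.add(name);
            }
        }
        if (enable.isEmpty()) {
            // Fail closed instead of silently keeping the JVM defaults.
            throw new IllegalArgumentException("no usable protocol in: " + configured);
        }
        engine.setEnabledProtocols(enable.toArray(new String[0]));
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);              // default key/trust managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);          // server side of the handshake
        System.out.println("JVM default:  " + Arrays.toString(engine.getEnabledProtocols()));
        String configured = "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; // constructed sample value
        System.out.println("after config: "
            + Arrays.toString(applyEnabledProtocols(engine, configured)));
    }
}
```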