[ https://issues.apache.org/jira/browse/HADOOP-16000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721962#comment-16721962 ]
Hudson commented on HADOOP-16000: --------------------------------- SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #15613 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/15613/]) HADOOP-16000. Remove TLSv1 and SSLv2Hello from the default value of (aajisaka: rev 1ea29b7385bc1545d7aa452549073d81f0c24b36) * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java * (edit) hadoop-common-project/hadoop-common/src/main/resources/core-default.xml > Remove TLSv1 and SSLv2Hello from the default value of > hadoop.ssl.enabled.protocols > ---------------------------------------------------------------------------------- > > Key: HADOOP-16000 > URL: https://issues.apache.org/jira/browse/HADOOP-16000 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Akira Ajisaka > Assignee: Gabor Bota > Priority: Major > Fix For: 3.3.0 > > Attachments: HADOOP-16000.001.patch, HADOOP-16000.002.patch > > > {code:title=core-default.xml} > public static final String SSL_ENABLED_PROTOCOLS_DEFAULT = > "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; > {code} > TLSv1 and SSLv2Hello are considered to be vulnerable. Let's remove these by > default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org