[
https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948096#comment-16948096
]
Wei-Chiu Chuang edited comment on HADOOP-15169 at 10/10/19 12:41 AM:
---------------------------------------------------------------------
[~brahmareddy] After Jetty 9.2.4.v20141103 (which is the case after Hadoop
3.0), SSLv2Hello is excluded by default, and we have to explicitly reset
excluded protocols otherwise your change won't take effect.
I am attaching an updated patch with a test, which correctly add supported
protocols specified. Please take a look.
Note also that an optional include list of protocols can potentially disable
vulnerable protocols in the future as well.
was (Author: jojochuang):
[~brahmareddy] After Jetty 9.2.4.v20141103 (which is the case after Hadoop
3.0), SSLv2Hello is excluded by default, and we have to explicitly reset
excluded protocols otherwise your change won't take effect.
I am attaching an updated patch with a test, which correctly add supported
protocols specified. Please take a look.
> "hadoop.ssl.enabled.protocols" should be considered in httpserver2
> ------------------------------------------------------------------
>
> Key: HADOOP-15169
> URL: https://issues.apache.org/jira/browse/HADOOP-15169
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Brahma Reddy Battula
> Assignee: Brahma Reddy Battula
> Priority: Major
> Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.002.patch,
> HADOOP-15169.patch
>
>
> As of now *hadoop.ssl.enabled.protocols"* will not take effect for all the
> http servers( only Datanodehttp server will use this config).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
