[ https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948096#comment-16948096 ]
Wei-Chiu Chuang edited comment on HADOOP-15169 at 10/10/19 12:41 AM: --------------------------------------------------------------------- [~brahmareddy] After Jetty 9.2.4.v20141103 (which is the case after Hadoop 3.0), SSLv2Hello is excluded by default, and we have to explicitly reset excluded protocols otherwise your change won't take effect. I am attaching an updated patch with a test, which correctly add supported protocols specified. Please take a look. Note also that an optional include list of protocols can potentially disable vulnerable protocols in the future as well. was (Author: jojochuang): [~brahmareddy] After Jetty 9.2.4.v20141103 (which is the case after Hadoop 3.0), SSLv2Hello is excluded by default, and we have to explicitly reset excluded protocols otherwise your change won't take effect. I am attaching an updated patch with a test, which correctly add supported protocols specified. Please take a look. > "hadoop.ssl.enabled.protocols" should be considered in httpserver2 > ------------------------------------------------------------------ > > Key: HADOOP-15169 > URL: https://issues.apache.org/jira/browse/HADOOP-15169 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Brahma Reddy Battula > Assignee: Brahma Reddy Battula > Priority: Major > Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.002.patch, > HADOOP-15169.patch > > > As of now *hadoop.ssl.enabled.protocols"* will not take effect for all the > http servers( only Datanodehttp server will use this config). -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org