K0K0V0K commented on code in PR #7629: URL: https://github.com/apache/hadoop/pull/7629#discussion_r2049658315
########## hadoop-common-project/hadoop-common/src/main/conf/ssl-server.xml.example: ########## @@ -82,7 +82,43 @@ SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5</value> <description>Optional. The weak security cipher suites that you want excluded - from SSL communication.</description> + from SSL communication. + Both ssl.server.include.cipher.list and ssl.server.exclude.cipher.list can be used simultaneously + to fine-tune the cipher suites utilized by Hadoop services. + If a cipher suite is present in both the inclusion and exclusion lists, it will be denied. + </description> +</property> + +<property> + <name>ssl.server.include.cipher.list</name> + <value>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, Review Comment: That is the full list what is supported by my **org.eclipse.jetty.util.ssl.SslContextFactory**. I will reduce this to the safety ones. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
