[jira] [Created] (HDFS-15824) Update to enable TLS >=1.2 as default secure protocols

Ying Zhang (Jira) Sat, 06 Feb 2021 06:07:08 -0800

Ying Zhang created HDFS-15824:
---------------------------------

             Summary: Update to enable TLS >=1.2 as default secure protocols 
                 Key: HDFS-15824
                 URL: https://issues.apache.org/jira/browse/HDFS-15824
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: contrib/hdfsproxy
            Reporter: Ying Zhang



in file 
src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java, line 
125, the SSL protocol is used in statement:  SSLContext sc = 
SSLContext.getInstance("SSL");

*Impact:* 

An SSL DDoS attack targets the SSL handshake protocol either by sending 
worthless data to the SSL server which will result in connection issues for 
legitimate users or by abusing the SSL handshake protocol itself.

*Suggestions:*

Upgrade the implementation to the “TLS”, and configure https.protocols JVM 
option to include TLSv1.2:

*Useful links:*

[https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https]

[https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection]

*Please share with us your opinions/comments if there is any:*

Is the bug report helpful?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDFS-15824) Update to enable TLS >=1.2 as default secure protocols

Reply via email to