[ https://issues.apache.org/jira/browse/HDFS-15824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17280748#comment-17280748 ]
Akira Ajisaka commented on HDFS-15824: -------------------------------------- This repository is no longer maintained. [https://github.com/apache/hadoop-hdfs] I asked ASF infra team to archive this (INFRA-21399). > Update to enable TLS >=1.2 as default secure protocols > ------------------------------------------------------- > > Key: HDFS-15824 > URL: https://issues.apache.org/jira/browse/HDFS-15824 > Project: Hadoop HDFS > Issue Type: Improvement > Components: contrib/hdfsproxy > Reporter: Vicky Zhang > Priority: Major > > in file > src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java, > line 125, the SSL protocol is used in statement: SSLContext sc = > SSLContext.getInstance("SSL"); > *Impact:* > An SSL DDoS attack targets the SSL handshake protocol either by sending > worthless data to the SSL server which will result in connection issues for > legitimate users or by abusing the SSL handshake protocol itself. > *Suggestions:* > Upgrade the implementation to the “TLS”, and configure https.protocols JVM > option to include TLSv1.2: > *Useful links:* > [https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https] > [https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection] > *Please share with us your opinions/comments if there is any:* > Is the bug report helpful? -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org