[
https://issues.apache.org/jira/browse/HDFS-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232875#comment-13232875
]
Joey Echeverria commented on HDFS-2386:
---------------------------------------
>From testing I've been doing it looks like KSSL won't work without at least
>one of the DES encryption types enabled (e.g. DES_CBC_CRC). This looks like
>it's caused by a bug in the JDK. Basically, AES and RC4 don't pad unless they
>encrypt a message which is not a multiple of a block. However, the JDK is
>assuming that the PreMasterSecret will be padded and assumes that the last
>byte in the decrypted secret is the length of the padding. When using AES or
>RC4, this ends up being a random byte and usually will cause the JDK to end up
>with an invalid PreMasterSecret. In defense of this, the JDK generates a
>random secret that then caused the handshake to fail later on. I need to do
>some more testing with another version of Kerberos, but I plan on filing a JDK
>bug.
> with security enabled fsck calls lead to handshake_failure and hftp fails
> throwing the same exception in the logs
> -----------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-2386
> URL: https://issues.apache.org/jira/browse/HDFS-2386
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 0.20.205.0
> Reporter: Arpit Gupta
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
