[jira] [Commented] (AMBARI-14236) HDFS and Yarn alerts in https mode when kerberos is disabled

Mon, 11 Jul 2016 15:12:19 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-14236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371750#comment-15371750
 ] 

Tuong Truong commented on AMBARI-14236:
---------------------------------------

Hi [~aonishuk], do you have any more background information on this problem 
that you are trying to fix?  This commit is forcing TLSv1 protocol is causing 
an issue with Ambari agent/server communication when we disable TLSv1 and 
TLSv1.1 in Java8.  
In Ambari's acitve JDK,  in java.security file, set 
jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize < 
2048
restart ambari-server, and you will see errors in ambari agent logs:

ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF 
occurred in violation of protocol
ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect. 
Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.


> HDFS and Yarn alerts in https mode when kerberos is disabled
> ------------------------------------------------------------
>
>                 Key: AMBARI-14236
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14236
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 2.2.0
>
>
> From NN logs:
>     
>     
>     javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
>             at 
> sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637)
>             at sun.security.ssl.InputRecord.read(InputRecord.java:527)
>             at 
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
>             at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
>             at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
>             at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
>             at 
> org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
>             at 
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>     
> Please check the live cluster for debugging: <https://172.22.74.208:8080>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to