[
https://issues.apache.org/jira/browse/AMBARI-17666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sumit Mohanty reopened AMBARI-17666:
------------------------------------
> Ambari agent can't start when TLSv1 is disabled in Java security
> ----------------------------------------------------------------
>
> Key: AMBARI-17666
> URL: https://issues.apache.org/jira/browse/AMBARI-17666
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
> Affects Versions: 2.2.0
> Reporter: Tuong Truong
> Assignee: Dmitry Lysnichenko
> Labels: security
> Fix For: 2.5.0
>
>
> Currently, the commit for https://issues.apache.org/jira/browse/AMBARI-14236
> explicit force the SSL protocol to TLSv1 in
> ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py. Unfortunate,
> this setting in effect whenever web_alert pacackged is loaded
> (ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py)
> regardless whether ssl is used or not.
> As a result, disabling TLSv1 in Ambari server will cause the agent to fail to
> start.
> Recreate:
> In Ambari's acitve JDK on Ambari server node, in java.security file, set
> jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize <
> 2048
> restart ambari-server, and you will see errors in ambari agent logs:
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF
> occurred in violation of protocol
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect.
> Please check openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more
> details.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
