[
https://issues.apache.org/jira/browse/AMBARI-20583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945665#comment-15945665
]
Hudson commented on AMBARI-20583:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #7171 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/7171/])
AMBARI-20583. Allow for larger Ephemeral DH Keys in Ambari server (smagyari:
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=165ec700f0f4e5c83a30bb7591df0fa1a8cfec9a])
* (edit) ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
* (edit) ambari-server/docs/configuration/index.md
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
> Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions
> 1.8 and above
> ------------------------------------------------------------------------------------------
>
> Key: AMBARI-20583
> URL: https://issues.apache.org/jira/browse/AMBARI-20583
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.5.1
> Reporter: Attila Magyar
> Assignee: Attila Magyar
> Fix For: 2.5.1
>
> Attachments: AMBARI-20583.patch
>
>
> Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions
> 1.8 and above.
> This can already be done by manually editing the ambari-env.sh file
> (/var/lib/ambari-server/ambari-env.sh) and adding the following to the
> AMBARI_JVM_ARGS environment variable:
> -Djdk.tls.ephemeralDHKeySize=2048
> The jdk.tls.ephemeralDHKeySize property is only available in Java VM versions
> 1.8 and above. However, it may not be supported by all Java vendors. Both
> Oracle and OpenJDK JVM appear to support it.
> See
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys
> for more information.
> To help users set this value, Ambari should provide a property in the
> ambari.properties file. If a supported JVM is in use, Ambari should
> internally set the System property (before creating the embedded web server)
> as specified by the user. A possible Ambari property name could be
> security.server.tls.ephemeral_dh_key_size. If not set, its default value
> should be 2048.
> To test the Ephemeral DH key size, the OpenSSL s_client utility may be used
> to query the Ambari server's HTTPS port(s):
> openssl s_client -connect `hostname -f`:8441 -cipher "EDH"
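The s_client test from the issue description can be turned into a pass/fail check. The script below is an added example, not part of the JIRA issue or the Ambari code base. The function names and sample transcripts are constructed, and it assumes the "Server Temp Key: DH, N bits" line that OpenSSL 1.0.2 and later print in s_client output.

```shell
#!/bin/sh
# Added example: function names and sample transcripts are constructed.

# Print the ephemeral DH key size (in bits) found in s_client output on stdin.
# Prints nothing when no "Server Temp Key: DH, N bits" line is present.
dh_temp_key_bits() {
    sed -n '/^Server Temp Key: DH, /{
        s/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p
        q
    }'
}

# check_dh_size MIN: read s_client output on stdin.
# Returns 0 if the DH temp key is at least MIN bits, 1 if it is smaller,
# 2 if no DH temp key was reported (for example, an ECDHE suite was negotiated).
check_dh_size() {
    min=$1
    bits=$(dh_temp_key_bits)
    if [ -z "$bits" ]; then
        echo "no ephemeral DH key reported in handshake output" >&2
        return 2
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "WEAK: ephemeral DH key is $bits bits (want >= $min)" >&2
        return 1
    fi
    echo "OK: ephemeral DH key is $bits bits"
}

# Constructed excerpts of s_client output, used so the script runs offline.
SAMPLE_1024='CONNECTED(00000003)
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---'
SAMPLE_2048='CONNECTED(00000003)
---
No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---'
SAMPLE_ECDHE='CONNECTED(00000003)
---
Server Temp Key: ECDH, P-256, 256 bits
---'

# Against a live server, pipe the command from the issue into the check:
#   openssl s_client -connect "$(hostname -f)":8441 -cipher "EDH" </dev/null 2>/dev/null | check_dh_size 2048
printf '%s\n' "$SAMPLE_2048" | check_dh_size 2048
```

A return code of 2 means the handshake did not use a DHE suite at all, so the result says nothing about the jdk.tls.ephemeralDHKeySize setting.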