Sorabh Hamirwasia created DRILL-5643:
----------------------------------------
Summary: Provide a way to configure excluded list of protocols and
ciphers to be used by WebServer
Key: DRILL-5643
URL: https://issues.apache.org/jira/browse/DRILL-5643
Project: Apache Drill
Issue Type: Improvement
Components: Web Server
Affects Versions: 1.11.0
Reporter: Sorabh Hamirwasia
Drill's WebServer uses the default protocol for TLS which is TLSv1 and default
list of cipher suites when SSL is enabled. This task is to add capability to
configure list of protocols / cipher to exclude from being used by WebServer.
*Supported Protocols:*
enabledProtocols = {ProtocolList@6589} "[SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2]”
*Selected Protocol Version:*
protocolVersion = {ProtocolVersion@6566} "TLSv1"
*Cipher Suites:*
cipherSuites = {ArrayList@6755} size = 36
0 = {CipherSuite@6607} "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
1 = {CipherSuite@6608} "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
2 = {CipherSuite@6609} "TLS_RSA_WITH_AES_256_CBC_SHA256"
3 = {CipherSuite@6610} "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"
4 = {CipherSuite@6611} "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"
5 = {CipherSuite@6612} "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
6 = {CipherSuite@6613} "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
7 = {CipherSuite@6614} "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
8 = {CipherSuite@6615} "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
9 = {CipherSuite@6616} "TLS_RSA_WITH_AES_256_CBC_SHA"
10 = {CipherSuite@6617} "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"
11 = {CipherSuite@6618} "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"
12 = {CipherSuite@6619} "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
13 = {CipherSuite@6620} "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
14 = {CipherSuite@6621} "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
15 = {CipherSuite@6622} "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
16 = {CipherSuite@6623} "TLS_RSA_WITH_AES_128_CBC_SHA256"
17 = {CipherSuite@6624} "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"
18 = {CipherSuite@6625} "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"
19 = {CipherSuite@6626} "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
20 = {CipherSuite@6627} "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
21 = {CipherSuite@6628} "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
22 = {CipherSuite@6629} "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
23 = {CipherSuite@6630} "TLS_RSA_WITH_AES_128_CBC_SHA"
24 = {CipherSuite@6631} "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
25 = {CipherSuite@6632} "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"
26 = {CipherSuite@6633} "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
27 = {CipherSuite@6634} "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
28 = {CipherSuite@6635} "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
29 = {CipherSuite@6636} "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
30 = {CipherSuite@6637} "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
31 = {CipherSuite@6638} "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
32 = {CipherSuite@6639} "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"
33 = {CipherSuite@6640} "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
34 = {CipherSuite@6641} "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
35 = {CipherSuite@6642} "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
