[
https://issues.apache.org/jira/browse/HBASE-25993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mate Szalay-Beko updated HBASE-25993:
-------------------------------------
Summary: Make excluded SSL cipher suites configurable for all Web UIs
(was: Make excluded cipher suites configurable for all Web UIs)
> Make excluded SSL cipher suites configurable for all Web UIs
> ------------------------------------------------------------
>
> Key: HBASE-25993
> URL: https://issues.apache.org/jira/browse/HBASE-25993
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.4
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
>
> When starting a jetty http server, one can explicitly exclude certain
> (unsecure) SSL cipher suites. This can be especially important, when the
> HBase cluster needs to be compliant with security regulations (e.g. FIPS).
> Currently it is possible to set the excluded ciphers for the ThriftServer
> ("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer
> ("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for
> the regular InfoServer started by e.g. the master or region servers.
> In this commit I want to introduce a new configuration
> "ssl.server.exclude.cipher.list" to configure the excluded cipher suites for
> the http server started by the InfoServer. This parameter has the same name
> and will work in the same way, as it was already implemented in hadoop (e.g.
> for hdfs/yarn). See: HADOOP-12668, HADOOP-14341
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
