symat opened a new pull request #3375:
URL: https://github.com/apache/hbase/pull/3375
When starting a jetty http server, one can explicitly exclude certain
(unsecure) SSL cipher suites. This can be especially important, when the HBase
cluster needs to be compliant with security regulations (e.g. FIPS).
Currently it is possible to set the excluded ciphers for the ThriftServer
("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer
("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for the
regular InfoServer started by e.g. the master or region servers.
In this commit I want to introduce a new configuration
"ssl.server.exclude.cipher.list" to configure the excluded cipher suites for
the http server started by the InfoServer. This parameter has the same name and
will work in the same way, as it was already implemented in hadoop (e.g. for
hdfs/yarn). See: HADOOP-12668, HADOOP-14341
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
