[jira] [Work logged] (HIVE-25238) Make SSL cipher suites configurable for Hive Web UI and HS2

Tue, 15 Jun 2021 02:37:05 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-25238?focusedWorklogId=611203&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-611203
 ]

ASF GitHub Bot logged work on HIVE-25238:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Jun/21 09:36
            Start Date: 15/Jun/21 09:36
    Worklog Time Spent: 10m 
      Work Description: yongzhi commented on a change in pull request #2385:
URL: https://github.com/apache/hive/pull/2385#discussion_r651621053



##########
File path: common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
##########
@@ -4183,9 +4186,14 @@ private static void 
populateLlapDaemonVarsSet(Set<String> llapDaemonVarsSetLocal
     HIVE_SERVER2_SSL_KEYSTORE_PASSWORD("hive.server2.keystore.password", "",
         "SSL certificate keystore password."),
     HIVE_SERVER2_SSL_KEYSTORE_TYPE("hive.server2.keystore.type", "",
-            "SSL certificate keystore type."),
+        "SSL certificate keystore type."),
     
HIVE_SERVER2_SSL_KEYMANAGERFACTORY_ALGORITHM("hive.server2.keymanagerfactory.algorithm",
 "",
-            "SSL certificate keystore algorithm."),
+        "SSL certificate keystore algorithm."),
+    
HIVE_SERVER2_SSL_HTTP_EXCLUDE_CIPHERSUITES("hive.server2.http.exclude.ciphersuites",
 "",

Review comment:
       No, for binary Thrift, it uses TSSLTransportFactory.getServerSocket 
which does not support excluding cipher suites. The setting for HTTP 
(webui/hs2) can be different from binary as they have different clients.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 611203)
    Time Spent: 0.5h  (was: 20m)

> Make SSL cipher suites configurable for Hive Web UI and HS2
> -----------------------------------------------------------
>
>                 Key: HIVE-25238
>                 URL: https://issues.apache.org/jira/browse/HIVE-25238
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2, Web UI
>            Reporter: Yongzhi Chen
>            Assignee: Yongzhi Chen
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> When starting a jetty http server, one can explicitly exclude certain 
> (unsecure)
> SSL cipher suites. This can be especially important, when Hive
> needs to be compliant with security regulations. Need add properties to 
> support Hive WebUi and HiveServer2 to this
> For Hive Binary Cli Server, we can set include certain SSL cipher suites. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to