Venugopal Reddy K created HIVE-29606:
----------------------------------------
Summary: Support SSL include protocols and cipher suites for Hive
Metastore
Key: HIVE-29606
URL: https://issues.apache.org/jira/browse/HIVE-29606
Project: Hive
Issue Type: Bug
Components: Metastore, Security, Standalone Metastore
Reporter: Venugopal Reddy K
*[Background]*
Currently, HiveServer2 supports explicit SSL include cipher suite
configurations. However, the Hive Metastore lacks specific properties to
explicitly include or restrict allowed SSL protocols and cipher suites.
To improve security posture and allow administrators to enforce modern
cryptographic standards (e.g., forcing TLS 1.2+ or specific high-strength
ciphers), we should introduce the following configuration properties to HMS.
* {{hive.metastore.include.protocols}}: A comma-separated list of allowed
SSL/TLS protocols (e.g., {{TLSv1.2}}, {{TLSv1.3}}).
* {{hive.metastore.include.ciphersuites}}: A colon-separated list of
allowed SSL cipher suites (e.g.,
TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_AES_256_GCM_SHA384).
These properties should be applied when the Metastore is started in SSL mode.
*[Proposal]*
# Add {{hive.metastore.include.protocols}} and
{{hive.metastore.include.ciphersuites}} to the HMS.
# Initialize with these configurations on SSL sockets.
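An added example, not code from Hive or from the issue: one way the two proposed values could be parsed and applied to a JSSE server socket. The class and method names are hypothetical, the sample values are constructed in the formats the issue proposes, and the choice to keep JVM defaults when a property is unset and to refuse startup when nothing requested is supported is an assumption.

```java
import java.util.*;
import javax.net.ssl.*;

public class MetastoreTlsRestrictions { // hypothetical class, not part of Hive
    // Split a delimited property value, trimming whitespace and dropping blanks.
    static List<String> split(String value, String delimiter) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String part : value.split(delimiter)) {
            if (!part.trim().isEmpty()) out.add(part.trim());
        }
        return out;
    }

    // Keep only the requested names this JVM supports (setEnabled* throws on
    // unknown names). Fail closed if the include list matches nothing.
    static String[] restrict(List<String> requested, String[] supported, String what) {
        if (requested.isEmpty()) return null; // property unset: keep JVM defaults
        List<String> allowed = new ArrayList<>(requested);
        allowed.retainAll(Arrays.asList(supported));
        if (allowed.isEmpty()) {
            throw new IllegalArgumentException("No supported " + what + " in " + requested);
        }
        return allowed.toArray(new String[0]);
    }

    // Protocols are comma-separated, cipher suites colon-separated, as in the issue.
    static void apply(SSLServerSocket socket, String protocols, String ciphers) {
        String[] p = restrict(split(protocols, ","), socket.getSupportedProtocols(), "protocols");
        String[] c = restrict(split(ciphers, ":"), socket.getSupportedCipherSuites(), "cipher suites");
        if (p != null) socket.setEnabledProtocols(p);
        if (c != null) socket.setEnabledCipherSuites(c);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values for the two proposed properties.
        String protocols = "TLSv1.2, TLSv1.3";
        String ciphers = "TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_AES_256_GCM_SHA384";
        SSLServerSocketFactory f = SSLContext.getDefault().getServerSocketFactory();
        try (SSLServerSocket s = (SSLServerSocket) f.createServerSocket(0)) {
            apply(s, protocols, ciphers);
            System.out.println(Arrays.toString(s.getEnabledProtocols()));
            System.out.println(Arrays.toString(s.getEnabledCipherSuites()));
        }
    }
}
```

The two sample suites belong to different protocol versions (the first is a TLS 1.2 suite, the second a TLS 1.3 suite), so an include list that names only one of them narrows which protocol versions can actually negotiate.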