[jira] [Commented] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

Dan Burkert (JIRA) Mon, 16 Oct 2017 16:35:13 -0700

    [ 
https://issues.apache.org/jira/browse/KUDU-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16206778#comment-16206778
 ]


Dan Burkert commented on KUDU-2190:
-----------------------------------

https://gerrit.cloudera.org/#/c/8286/

> webserver HTTPS/TLS cipher list is insecure on RHEL 6
> -----------------------------------------------------
>
>                 Key: KUDU-2190
>                 URL: https://issues.apache.org/jira/browse/KUDU-2190
>             Project: Kudu
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 1.5.0
>            Reporter: Dan Burkert
>            Priority: Blocker
>              Labels: security
>
> We aren't overriding the default cipher list for the webserver, so it's 
> defaulting to the OpenSSL default cipher suite for the platform.  On RHEL 6, 
> this suite contains 3DES, RC4 and other undesirables.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

Reply via email to