[
https://issues.apache.org/jira/browse/HDDS-10819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HDDS-10819:
-----------------------------------
Release Note:
Configuration

Added:
- ozone.ssl.enabled.protocols — Optional comma-separated list of TLS protocol
  names to allow for HTTPS (Web UIs and S3 Gateway, per description). If unset,
  ssl.enabled.protocols (Hadoop) continues to apply; default JVM/Jetty behavior
  applies when only defaults are in effect.

Changed behavior (existing keys now honored on these HTTPS servers):
- ssl.server.include.cipher.list — Included cipher suites are now applied
  (together with ssl.server.exclude.cipher.list).
- ssl.enabled.protocols — Allowed TLS protocols are now enforced on these HTTPS
  connectors when configured (with ozone.ssl.enabled.protocols taking precedence
  when explicitly set).

> Add ssl.server.include.cipher.list and ssl.enabled.protocols to HttpServer2
> setup
> ---------------------------------------------------------------------------------
>
> Key: HDDS-10819
> URL: https://issues.apache.org/jira/browse/HDDS-10819
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Szabolcs Gál
> Assignee: István Fajth
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.2.0
>
>
> ssl.server.exclude.cipher.list is used to exclude some cryptographic
> algorithms, but setting it up in a way that it restricts the usage to a few
> specified algorithms is desired but not trivial.
> HADOOP-19546 added the {{ssl.server.include.cipher.list}} to HttpServer2 as a
> configuration option to set up a positive cipher list, while HADOOP-15169
> added the {{hadoop.ssl.enabled.protocols}}, so we need to port these into our
> implementation to resolve this issue.
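
An added example, not code from the issue or from Apache Ozone: a small audit helper that reads a Hadoop-style property file and resolves the effective TLS protocol list and cipher allow-list using the precedence stated in the release note. The sample XML is constructed, and the handling of empty values and of suites named in both cipher lists are assumptions marked in the comments.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Hadoop-style property XML; values are illustrative.
SAMPLE_XML = """<configuration>
 <property><name>ssl.enabled.protocols</name><value>TLSv1,TLSv1.1,TLSv1.2</value></property>
 <property><name>ozone.ssl.enabled.protocols</name><value>TLSv1.2, TLSv1.3</value></property>
 <property><name>ssl.server.include.cipher.list</name>
  <value>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</value></property>
 <property><name>ssl.server.exclude.cipher.list</name>
  <value>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</value></property>
</configuration>"""

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # JSSE protocol names flagged by this audit

def load_props(xml_text):
    """Return {name: value} for every <property> element."""
    props = {}
    for p in ET.fromstring(xml_text).iter("property"):
        name = (p.findtext("name") or "").strip()
        if name:
            props[name] = (p.findtext("value") or "").strip()
    return props

def split_csv(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def effective_tls(props):
    """Resolve protocols and cipher suites as the release note describes."""
    # The Ozone key takes precedence when set; otherwise the Hadoop key applies.
    # Assumption: an empty value counts as unset.
    protocols = (split_csv(props.get("ozone.ssl.enabled.protocols"))
                 or split_csv(props.get("ssl.enabled.protocols")))
    include = split_csv(props.get("ssl.server.include.cipher.list"))
    exclude = set(split_csv(props.get("ssl.server.exclude.cipher.list")))
    # Assumption: a suite named in both lists ends up excluded.
    ciphers = [c for c in include if c not in exclude]
    findings = []
    if not protocols:
        findings.append("no protocol list set: JVM/Jetty defaults apply")
    legacy = sorted(set(protocols) & LEGACY)
    if legacy:
        findings.append("legacy protocols allowed: " + ", ".join(legacy))
    if not include:
        findings.append("no include list: only the exclude list restricts cipher suites")
    elif not ciphers:
        findings.append("include list is fully cancelled by the exclude list")
    return {"protocols": protocols, "ciphers": ciphers, "findings": findings}

if __name__ == "__main__":
    print(effective_tls(load_props(SAMPLE_XML)))
```
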