[jira] [Commented] (KNOX-566) Make the Default Ephemeral DH Key Size 2048 with Ability to Override
[ https://issues.apache.org/jira/browse/KNOX-566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14629634#comment-14629634 ] Jeffrey E Rodriguez commented on KNOX-566: --- I can't be addressed for older JDK's. Furthermore customer should not be in older JDK versions that don't have security patches up to date. Make the Default Ephemeral DH Key Size 2048 with Ability to Override Key: KNOX-566 URL: https://issues.apache.org/jira/browse/KNOX-566 Project: Apache Knox Issue Type: Bug Affects Versions: 0.5.0 Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago) Reporter: Jeffrey E Rodriguez Assignee: Larry McCay Fix For: 0.7.0 Attachments: KNOX-566-001.patch See description of logjam The Logjam Attack https://weakdh.org/ To test you should do: [root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher EDH | grep Server Temp Key depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify return:1 Server Temp Key: DH, 768 bits The key should = 1024 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KNOX-566) Make the Default Ephemeral DH Key Size 2048 with Ability to Override
[ https://issues.apache.org/jira/browse/KNOX-566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14629845#comment-14629845 ] ASF subversion and git services commented on KNOX-566: -- Commit 7cbdce569c99306139ffaf000c95bef906f22259 in knox's branch refs/heads/v0.6.0 from [~lmccay] [ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=7cbdce5 ] KNOX-566 - Make the Default Ephemeral DH Key Size 2048 for TLS Make the Default Ephemeral DH Key Size 2048 with Ability to Override Key: KNOX-566 URL: https://issues.apache.org/jira/browse/KNOX-566 Project: Apache Knox Issue Type: Bug Affects Versions: 0.5.0 Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago) Reporter: Jeffrey E Rodriguez Assignee: Larry McCay Fix For: 0.7.0 Attachments: KNOX-566-001.patch See description of logjam The Logjam Attack https://weakdh.org/ To test you should do: [root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher EDH | grep Server Temp Key depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify return:1 Server Temp Key: DH, 768 bits The key should = 1024 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (KNOX-570) Knox support for HiveServer2 HA
Sumit Gupta created KNOX-570: Summary: Knox support for HiveServer2 HA Key: KNOX-570 URL: https://issues.apache.org/jira/browse/KNOX-570 Project: Apache Knox Issue Type: New Feature Components: Server Affects Versions: 0.7.0 Reporter: Sumit Gupta Assignee: Sumit Gupta Fix For: 0.7.0 As of Knox 0.5.0, support for WebHDFS HA is available through configuration of a HA provider and multiple URLs specified for the WEBHDFS service. There is a desire to provide similar support in Knox for HiveServer2 HA. HiveServer2 HA has a different implementation than WebHDFS HA in that the server information is meant to be looked up via Zookeeper. The configuration information involved is typically a Zookeeper ensemble and a Zookeeper namespace to lookup the registered HiveServer2 information. The JDBC client (Hive) today uses this looked up information to randomly pick a server to then send the actual request to. In a failover scenario, the client also keeps track of the server that has failed and picks another server at random from the list of servers retrieved from Zookeeper. Logic similar to this can be implemented in Knox in a specialized Dispatch class so that the client connecting to Knox does not have to deal with HA gymnastics. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KNOX-567) Having Knox Supporting Hadoop/Yarn/HBase/Hive High Availability
[ https://issues.apache.org/jira/browse/KNOX-567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14629794#comment-14629794 ] Sumit Gupta commented on KNOX-567: -- Created [KNOX-570] for HiveServer2 HA. Having Knox Supporting Hadoop/Yarn/HBase/Hive High Availability Key: KNOX-567 URL: https://issues.apache.org/jira/browse/KNOX-567 Project: Apache Knox Issue Type: New Feature Components: Server Affects Versions: 0.7.0 Reporter: Tanping Wang Currently Knox only provides limited support of high availability to the Hadoop ecosystem, i.e. Knox supports only high availability for webHDFS. We need to make Knox supports Yarn, HDFS, Hive and HBase high availability as well. Especially after Knox supports Hadoop ecosystem UIs, having Knox supports at least the HA mode of Hadoop, Hive and HBase becomes even more critical. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KNOX-566) Make the Default Ephemeral DH Key Size 2048 with Ability to Override
[ https://issues.apache.org/jira/browse/KNOX-566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14629875#comment-14629875 ] Larry McCay commented on KNOX-566: -- I've committed this to branch v0.6.0 as well - so that it is available in an upcoming 0.6.1 release. Make the Default Ephemeral DH Key Size 2048 with Ability to Override Key: KNOX-566 URL: https://issues.apache.org/jira/browse/KNOX-566 Project: Apache Knox Issue Type: Bug Affects Versions: 0.5.0 Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago) Reporter: Jeffrey E Rodriguez Assignee: Larry McCay Fix For: 0.7.0 Attachments: KNOX-566-001.patch See description of logjam The Logjam Attack https://weakdh.org/ To test you should do: [root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher EDH | grep Server Temp Key depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com verify return:1 Server Temp Key: DH, 768 bits The key should = 1024 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
