This is an automated email from the ASF dual-hosted git repository. hapylestat pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new a10880a AMBARI-25520. Insecure Transport : Weak SSL Cipher and weak protocol. (#3204) (dvitiuk via dgrinenko)
a10880a is described below
commit a10880a63e6fbef44662ba9f37e87082e9985c64
Author: dvitiiuk <dmitriiviti...@gmail.com>
AuthorDate: Wed Jun 24 11:17:25 2020 +0300
AMBARI-25520. Insecure Transport : Weak SSL Cipher and weak protocol. (#3204) (dvitiuk via dgrinenko)
---
 .../java/org/apache/ambari/server/controller/AmbariServer.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index b8f440a..ee858bf 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -200,6 +200,7 @@ public class AmbariServer {
 */
 public static final EnumSet<DispatcherType> DISPATCHER_TYPES = EnumSet.of(DispatcherType.REQUEST);
 private static final int DEFAULT_ACCEPTORS_COUNT = 1;
+ private static final String[] DEPRECATED_SSL_PROTOCOLS = new String[] {"TLSv1"};
 static {
 Velocity.setProperty("runtime.log.logsystem.log4j.logger", VELOCITY_LOG_CATEGORY);
@@ -802,9 +803,9 @@ public class AmbariServer {
 * at server properties)
 */
 private void disableInsecureProtocols(SslContextFactory factory) {
- // by default all protocols should be available
- factory.setExcludeProtocols();
- factory.setIncludeProtocols(new String[] {"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"});
+ // by default all protocols should be available, excluding TLSv1.0
+ factory.setExcludeProtocols(DEPRECATED_SSL_PROTOCOLS);
+ factory.setIncludeProtocols(new String[] {"SSLv2Hello","SSLv3","TLSv1.1","TLSv1.2"});
 if (!configs.getSrvrDisabledCiphers().isEmpty()) {
 String[] masks = configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
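Review bot: The include list passed to `setIncludeProtocols` still names `SSLv2Hello` and `SSLv3`, and `DEPRECATED_SSL_PROTOCOLS` (added in the first hunk) holds only `TLSv1`, so this change drops TLS 1.0 while the older SSLv3 and the also-deprecated TLSv1.1 stay eligible whenever the JVM's own policy does not disable them. I would make the default match the constant's name, e.g. `new String[] {"SSLv2Hello", "SSLv3", "TLSv1"}` for the constant and `factory.setIncludeProtocols(new String[] {"TLSv1.1","TLSv1.2"});` here, and reword the comment to list exactly which protocols are excluded by default. The body of `disableInsecureProtocols` continues past the hunk; if it later applies the protocols disabled in server properties through another `setExcludeProtocols` call, that call would replace this default exclusion rather than extend it, so `addExcludeProtocols` looks like the safer call there — worth confirming against the full method.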