hadoop git commit: HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
Repository: hadoop Updated Branches: refs/heads/branch-2.8 bfd8fb309 -> 0ab74b21a HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) (cherry picked from commit a365a3941cf96a31c289cb22678a602738880f74) (cherry picked from commit f864faaafafcddb2bbcfd1171b4597e3e51e5c3d) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0ab74b21 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0ab74b21 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0ab74b21 Branch: refs/heads/branch-2.8 Commit: 0ab74b21ab891e0b77382562d35b8cf04bb5554e Parents: bfd8fb3 Author: Robert KanterAuthored: Thu Feb 18 11:09:50 2016 -0800 Committer: Brahma Reddy Battula Committed: Thu Feb 15 00:32:54 2018 +0530 -- .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++- .../hadoop-common/src/main/resources/core-default.xml| 4 ++-- .../src/site/markdown/EncryptedShuffle.md| 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/0ab74b21/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index 7148a65..45532bc 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -76,9 +76,10 @@ public class SSLFactory implements ConnectionConfigurator { public static final String SSL_ENABLED_PROTOCOLS_KEY = "hadoop.ssl.enabled.protocols"; - public static final String SSL_ENABLED_PROTOCOLS_DEFAULT = "TLSv1"; public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST = "ssl.server.exclude.cipher.list"; + public static final String SSL_ENABLED_PROTOCOLS_DEFAULT = + "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; private Configuration conf; private Mode mode; http://git-wip-us.apache.org/repos/asf/hadoop/blob/0ab74b21/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml -- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 6ef91b1..875ad53 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1850,9 +1850,9 @@ hadoop.ssl.enabled.protocols - TLSv1 + TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2 -Protocols supported by the ssl. +The supported SSL protocols. http://git-wip-us.apache.org/repos/asf/hadoop/blob/0ab74b21/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md -- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md index c23be7a..4083182 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md @@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use | | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory | | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory | -| `hadoop.ssl.enabled.protocols` | `TLSv1` | The supported SSL protocols (JDK6 can use **TLSv1**, JDK7+ can use **TLSv1,TLSv1.1,TLSv1.2**) | +| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols | **IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client
[11/50] [abbrv] hadoop git commit: HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a365a394 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a365a394 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a365a394 Branch: refs/heads/HDFS-7240 Commit: a365a3941cf96a31c289cb22678a602738880f74 Parents: 5d1889a Author: Robert KanterAuthored: Thu Feb 18 11:09:50 2016 -0800 Committer: Robert Kanter Committed: Thu Feb 18 11:09:50 2016 -0800 -- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++- .../hadoop-common/src/main/resources/core-default.xml| 4 ++-- .../src/site/markdown/EncryptedShuffle.md| 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 9269960..41ba87d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs (Wei-Chiu Chuang via iwasakims) +HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) + BUG FIXES HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index edec347..518de80 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator { public static final String SSL_ENABLED_PROTOCOLS = "hadoop.ssl.enabled.protocols"; - public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1"; + public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = + "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; private Configuration conf; private Mode mode; http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml -- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 34e1236..dd4919c 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does. hadoop.ssl.enabled.protocols - TLSv1 + TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2 -Protocols supported by the ssl. +The supported SSL protocols. http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md -- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md index fddd84f..f679781 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md @@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use | | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory | | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from
[26/50] [abbrv] hadoop git commit: HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a365a394 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a365a394 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a365a394 Branch: refs/heads/HDFS-1312 Commit: a365a3941cf96a31c289cb22678a602738880f74 Parents: 5d1889a Author: Robert KanterAuthored: Thu Feb 18 11:09:50 2016 -0800 Committer: Robert Kanter Committed: Thu Feb 18 11:09:50 2016 -0800 -- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++- .../hadoop-common/src/main/resources/core-default.xml| 4 ++-- .../src/site/markdown/EncryptedShuffle.md| 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 9269960..41ba87d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs (Wei-Chiu Chuang via iwasakims) +HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) + BUG FIXES HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index edec347..518de80 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator { public static final String SSL_ENABLED_PROTOCOLS = "hadoop.ssl.enabled.protocols"; - public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1"; + public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = + "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; private Configuration conf; private Mode mode; http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml -- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 34e1236..dd4919c 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does. hadoop.ssl.enabled.protocols - TLSv1 + TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2 -Protocols supported by the ssl. +The supported SSL protocols. http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md -- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md index fddd84f..f679781 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md @@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use | | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory | | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from
hadoop git commit: HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
Repository: hadoop Updated Branches: refs/heads/trunk 5d1889a66 -> a365a3941 HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a365a394 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a365a394 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a365a394 Branch: refs/heads/trunk Commit: a365a3941cf96a31c289cb22678a602738880f74 Parents: 5d1889a Author: Robert KanterAuthored: Thu Feb 18 11:09:50 2016 -0800 Committer: Robert Kanter Committed: Thu Feb 18 11:09:50 2016 -0800 -- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++- .../hadoop-common/src/main/resources/core-default.xml| 4 ++-- .../src/site/markdown/EncryptedShuffle.md| 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 9269960..41ba87d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs (Wei-Chiu Chuang via iwasakims) +HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) + BUG FIXES HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index edec347..518de80 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator { public static final String SSL_ENABLED_PROTOCOLS = "hadoop.ssl.enabled.protocols"; - public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1"; + public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = + "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; private Configuration conf; private Mode mode; http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml -- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 34e1236..dd4919c 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does. hadoop.ssl.enabled.protocols - TLSv1 + TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2 -Protocols supported by the ssl. +The supported SSL protocols. http://git-wip-us.apache.org/repos/asf/hadoop/blob/a365a394/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md -- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md index fddd84f..f679781 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md @@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use | | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/
hadoop git commit: HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
Repository: hadoop Updated Branches: refs/heads/branch-2 779a69e28 -> f864faaaf HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) (cherry picked from commit a365a3941cf96a31c289cb22678a602738880f74) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f864faaa Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f864faaa Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f864faaa Branch: refs/heads/branch-2 Commit: f864faaafafcddb2bbcfd1171b4597e3e51e5c3d Parents: 779a69e Author: Robert KanterAuthored: Thu Feb 18 11:09:50 2016 -0800 Committer: Robert Kanter Committed: Thu Feb 18 11:11:32 2016 -0800 -- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 ++- .../hadoop-common/src/main/resources/core-default.xml| 4 ++-- .../src/site/markdown/EncryptedShuffle.md| 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/f864faaa/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 4332c6c..e122df6 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -41,6 +41,8 @@ Release 2.9.0 - UNRELEASED HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs (Wei-Chiu Chuang via iwasakims) +HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter) + BUG FIXES HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing http://git-wip-us.apache.org/repos/asf/hadoop/blob/f864faaa/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index edec347..518de80 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator { public static final String SSL_ENABLED_PROTOCOLS = "hadoop.ssl.enabled.protocols"; - public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1"; + public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = + "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; private Configuration conf; private Mode mode; http://git-wip-us.apache.org/repos/asf/hadoop/blob/f864faaa/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml -- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index e1cd883..839deed 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1646,9 +1646,9 @@ for ldap providers in the same way as above does. hadoop.ssl.enabled.protocols - TLSv1 + TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2 -Protocols supported by the ssl. +The supported SSL protocols. http://git-wip-us.apache.org/repos/asf/hadoop/blob/f864faaa/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md -- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md index c23be7a..4083182 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md @@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use | | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file