  1. Hadoop Common
  2. HADOOP-12668

Support excluding weak Ciphers in HttpServer2 through ssl-server.xml


Details

    • Reviewed
      The code changes include the following:
      - Modified DFSUtil.java in the Apache HDFS project to supply the new parameter ssl.server.exclude.cipher.list
      - Modified HttpServer2.java in the Apache Hadoop-common project to work with the new parameter and exclude ciphers using the Jetty setExcludeCiphers method.
      - Modified the associated test classes to work with the existing code and also cover the new functionality in JUnit
    • security ssl tls hadoop

    Description

      Currently, the embedded Jetty server used across all Hadoop services is configured through the ssl-server.xml file from their respective configuration section. However, the SSL/TLS protocol being used for these Jetty servers can be downgraded to weak cipher suites. This code change aims to add the following functionality:
      1) Add logic in Hadoop common (HttpServer2.java and associated interfaces) to spawn Jetty servers with the ability to exclude weak cipher suites. I propose we make this through ssl-server.xml and hence each service can choose to disable specific ciphers.
      2) Modify DFSUtil.java used by HDFS code to supply the new parameter ssl.server.exclude.cipher.list for hadoop-common code, so it can exclude the ciphers supplied through this key.
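
The following is an added example, not code from the HADOOP-12668 patches: it shows the effect of an exclusion list on a server-side TLS endpoint using only the JDK's JSSE classes, and flags listed names the JVM does not recognise (a misspelled suite name excludes nothing). The class name, helper names and the sample property value are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class ExcludeCiphersDemo {
    // Constructed sample value for ssl.server.exclude.cipher.list as it might
    // be written in ssl-server.xml: comma-separated, with stray whitespace.
    static final String SAMPLE_VALUE =
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,\n"
      + "  SSL_RSA_EXPORT_WITH_RC4_40_MD5, ,TLS_RSA_WITH_AES_128_CBC_SHA";

    // Split the property value into suite names, trimming and dropping blanks.
    static Set<String> parseExcludeList(String value) {
        Set<String> out = new LinkedHashSet<>();
        if (value == null) return out;
        for (String s : value.split(",")) {
            String t = s.trim();
            if (!t.isEmpty()) out.add(t);
        }
        return out;
    }

    // Return the enabled suites minus the excluded ones, preserving order.
    static String[] applyExclusions(String[] enabled, Set<String> excluded) {
        return Arrays.stream(enabled)
                     .filter(c -> !excluded.contains(c))
                     .toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        Set<String> excluded = parseExcludeList(SAMPLE_VALUE);
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // behave as the server side
        String[] before = engine.getEnabledCipherSuites();
        String[] after = applyExclusions(before, excluded);
        if (after.length == 0) {
            throw new IllegalStateException("exclude list removes every enabled suite");
        }
        engine.setEnabledCipherSuites(after);
        System.out.printf("enabled before=%d after=%d%n", before.length, after.length);
        Set<String> supported = Set.copyOf(Arrays.asList(engine.getSupportedCipherSuites()));
        for (String c : excluded) {
            System.out.println((supported.contains(c) ? "excluded: "
                : "unknown to this JVM (typo, or already removed): ") + c);
        }
    }
}
```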

      Attachments

        1. Hadoop-12668.006.patch
          14 kB
          Vijay Singh
        2. Hadoop-12668.007.patch
          16 kB
          Vijay Singh
        3. Hadoop-12668.008.patch
          20 kB
          Vijay Singh
        4. Hadoop-12668.009.patch
          20 kB
          Vijay Singh
        5. Hadoop-12668.010.patch
          24 kB
          Vijay Singh
        6. Hadoop-12668.011.patch
          24 kB
          Vijay Singh
        7. Hadoop-12668.012.patch
          23 kB
          Zhe Zhang
        8. test.log
          186 kB
          Vijay Singh


          People

            SINGHVJD Vijay Singh
              Time Tracking

                Original Estimate: 24h
                Remaining Estimate: 24h
                Time Spent: Not Specified
