Hadoop Common / HADOOP-12668

Support excluding weak Ciphers in HttpServer2 through ssl-server.xml

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      The code changes include the following:
      - Modified DFSUtil.java in the Apache HDFS project to supply the new parameter ssl.server.exclude.cipher.list
      - Modified HttpServer2.java in the Apache Hadoop-common project to work with the new parameter and exclude ciphers using the Jetty setExcludeCiphers method.
      - Modified associated test classes to work with existing code and also cover the new functionality in JUnit
    • Tags:
      security ssl tls hadoop

      Description

      Currently, the embedded Jetty server used across all Hadoop services is configured through the ssl-server.xml file from their respective configuration sections. However, the SSL/TLS protocol being used for these Jetty servers can be downgraded to weak cipher suites. This code change aims to add the following functionality:
      1) Add logic in Hadoop common (HttpServer2.java and associated interfaces) to spawn Jetty servers with the ability to exclude weak cipher suites. I propose we make this configurable through ssl-server.xml, so each service can choose to disable specific ciphers.
      2) Modify DFSUtil.java, used by HDFS code, to supply the new parameter ssl.server.exclude.cipher.list to the hadoop-common code, so it can exclude the ciphers supplied through this key.
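
      The following is an added example, not code from the HADOOP-12668 patches: a stand-alone JSSE check that applies a comma-separated exclude list of the kind ssl.server.exclude.cipher.list carries and reports entries that exclude nothing, plus weak suites that remain enabled. The class name, the sample list (with one deliberate typo) and the exact-name matching rule are assumptions for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.*;

public class ExcludeCipherCheck {
    // Constructed sample value for ssl.server.exclude.cipher.list (comma-separated,
    // as the issue describes); the last entry is a deliberate typo.
    static final String EXCLUDE = "SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA,"
        + "TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_SHAA";

    /** Split the property value, trimming whitespace and dropping empty entries. */
    static Set<String> parse(String value) {
        Set<String> out = new LinkedHashSet<>();
        if (value == null) return out;
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Set<String> supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        Set<String> excluded = parse(EXCLUDE);

        // Assumed exact-name exclusion: keep every enabled suite that is not listed.
        List<String> enabled = new ArrayList<>();
        for (String suite : engine.getEnabledCipherSuites()) {
            if (!excluded.contains(suite)) enabled.add(suite);
        }
        engine.setEnabledCipherSuites(enabled.toArray(new String[0]));

        // An entry the JVM does not know excludes nothing: either a typo or a suite
        // this JDK no longer ships. Surface it instead of ignoring it.
        for (String name : excluded) {
            if (!supported.contains(name)) {
                System.out.println("WARN not a supported suite on this JVM: " + name);
            }
        }
        // Sanity check on what is left: flag remaining suites built on weak primitives.
        for (String suite : engine.getEnabledCipherSuites()) {
            if (suite.matches(".*(_RC4_|_DES_|_3DES_|_NULL_|_EXPORT_|_anon_|MD5).*")) {
                System.out.println("WEAK still enabled: " + suite);
            }
        }
        System.out.println(engine.getEnabledCipherSuites().length + " suites enabled");
    }
}
```

      Run it on the same JVM that hosts the service, since the supported and default-enabled suites differ between JDK releases and security-property settings.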

        Attachments

        1. Hadoop-12668.012.patch
          23 kB
          Zhe Zhang
        2. Hadoop-12668.011.patch
          24 kB
          Vijay Singh
        3. Hadoop-12668.010.patch
          24 kB
          Vijay Singh
        4. Hadoop-12668.009.patch
          20 kB
          Vijay Singh
        5. Hadoop-12668.008.patch
          20 kB
          Vijay Singh
        6. test.log
          186 kB
          Vijay Singh
        7. Hadoop-12668.007.patch
          16 kB
          Vijay Singh
        8. Hadoop-12668.006.patch
          14 kB
          Vijay Singh

              People

              • Assignee:
                SINGHVJD Vijay Singh
                Reporter:
                SINGHVJD Vijay Singh
              • Votes:
                0
                Watchers:
                8

                  Time Tracking

                  Estimated:
                  24h
                  Remaining:
                  24h
                  Logged:
                  Not Specified