Rev01: initial patch for SSLFactory to exclude cipher suites listed in ssl-server.xml.
I have tested this patch on a CDH cluster, and this is the result of opening an SSL connection using excluded cipher suites to a data node web URL:
openssl s_client -connect weichiu-cipher-2.vpc.cloudera.com:20004 -cipher RC4-SHA
139952247441224:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 99 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
I'll include test cases in the next revision.