Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14083

KMS should support old SSL clients

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.0, 2.7.4, 2.6.6
    • Fix Version/s: 2.9.0
    • Component/s: kms
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      HADOOP-13812 upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL clients such as curl stop working. The symptom is NSS error -12286 when running curl -v.

      Instead of forcing the SSL clients to upgrade, we can configure Tomcat to explicitly allow enough weak ciphers so that old SSL clients can work.

        Attachments

        1. HADOOP-14083.branch-2.002.patch
          14 kB
          John Zhuge
        2. HADOOP-14083.branch-2.001.patch
          5 kB
          John Zhuge

          Issue Links

            Activity

              People

              • Assignee:
                jzhuge John Zhuge
                Reporter:
                jzhuge John Zhuge
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: