Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14083

KMS should support old SSL clients

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.8.0, 2.7.4, 2.6.6
    • 2.9.0
    • kms
    • None
    • Reviewed

    Description

      HADOOP-13812 upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL clients such as curl stop working. The symptom is NSS error -12286 when running curl -v.

      Instead of forcing the SSL clients to upgrade, we can configure Tomcat to explicitly allow enough weak ciphers so that old SSL clients can work.

      Attachments

        1. HADOOP-14083.branch-2.001.patch
          5 kB
          John Zhuge
        2. HADOOP-14083.branch-2.002.patch
          14 kB
          John Zhuge

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            jzhuge John Zhuge
            jzhuge John Zhuge
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment