Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14083

KMS should support old SSL clients

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.8.0, 2.7.4, 2.6.6
    • 2.9.0
    • kms
    • None
    • Reviewed

    Description

      HADOOP-13812 upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL clients such as curl stop working. The symptom is NSS error -12286 when running curl -v.

      Instead of forcing the SSL clients to upgrade, we can configure Tomcat to explicitly allow enough weak ciphers so that old SSL clients can work.

      Attachments

        1. HADOOP-14083.branch-2.001.patch
          5 kB
          John Zhuge
        2. HADOOP-14083.branch-2.002.patch
          14 kB
          John Zhuge

        Issue Links

          Activity

            People

              jzhuge John Zhuge
              jzhuge John Zhuge
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: