Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.7.4
-
None
-
None
Description
The multi-line value for ssl.server.exclude.cipher.list shown in ssl-server.xml.exmple does not work. The property value
<property> <name>ssl.server.exclude.cipher.list</name> <value>TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5</value> <description>Optional. The weak security cipher suites that you want excluded from SSL communication.</description> </property>
is actually parsed into:
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
- "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
- "\nSSL_RSA_WITH_DES_CBC_SHA"
- "SSL_DHE_RSA_WITH_DES_CBC_SHA"
- "\nSSL_RSA_EXPORT_WITH_RC4_40_MD5"
- "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
- "\nSSL_RSA_WITH_RC4_128_MD5"
Attachments
Attachments
Issue Links
- is broken by
-
HADOOP-12668 Support excluding weak Ciphers in HttpServer2 through ssl-server.xml
- Resolved
-
HADOOP-12886 Exclude weak ciphers in SSLFactory through ssl-server.xml
- Resolved