[HADOOP-14341] Support multi-line value for ssl.server.exclude.cipher.list - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.4
Fix Version/s: 2.9.0, 3.0.0-alpha4, 2.8.2
Component/s: None
Labels:
None

Target Version/s:

2.8.1, 3.0.0-alpha4

Description

The multi-line value for ssl.server.exclude.cipher.list shown in ssl-server.xml.exmple does not work. The property value

<property>
  <name>ssl.server.exclude.cipher.list</name>
  <value>TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
  SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,
  SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
  SSL_RSA_WITH_RC4_128_MD5</value>
  <description>Optional. The weak security cipher suites that you want excluded
  from SSL communication.</description>
</property>

is actually parsed into:

"TLS_ECDHE_RSA_WITH_RC4_128_SHA"
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
"\nSSL_RSA_WITH_DES_CBC_SHA"
"SSL_DHE_RSA_WITH_DES_CBC_SHA"
"\nSSL_RSA_EXPORT_WITH_RC4_40_MD5"
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
"\nSSL_RSA_WITH_RC4_128_MD5"

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14341.001.patch
21/Apr/17 09:54
11 kB
John Zhuge
HADOOP-14341.002.patch
21/Apr/17 23:45
11 kB
John Zhuge
HADOOP-14341.003.patch
21/Apr/17 23:51
11 kB
John Zhuge

Issue Links

is broken by

HADOOP-12668 Support excluding weak Ciphers in HttpServer2 through ssl-server.xml

Resolved

HADOOP-12886 Exclude weak ciphers in SSLFactory through ssl-server.xml

Resolved

Activity

People

Assignee:: John Zhuge

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 21/Apr/17 09:08

Updated:: 08/Jun/17 00:13

Resolved:: 26/Apr/17 05:46