[HADOOP-16000] Remove TLSv1 and SSLv2Hello from the default value of hadoop.ssl.enabled.protocols - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: security
Labels:
None

Target Version/s:

3.3.0
Hadoop Flags:

Incompatible change, Reviewed
Release Note:
TLSv1 and SSLv2Hello were removed from the default value of "hadoop.ssl.enabled.protocols".

Description

core-default.xml

  public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
      "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";

TLSv1 and SSLv2Hello are considered to be vulnerable. Let's remove these by default.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HADOOP-16000.001.patch
12/Dec/18 06:29
2 kB
Gabor Bota
HADOOP-16000.002.patch
14/Dec/18 14:47
2 kB
Gabor Bota

Issue Links

is related to

HADOOP-15169 "hadoop.ssl.enabled.protocols" should be considered in httpserver2

Patch Available

relates to

HADOOP-11243 SSLFactory shouldn't allow SSLv3

Closed

HADOOP-12817 Enable TLS v1.1 and 1.2

Resolved

Activity

People

Assignee:

Gabor Bota

Reporter:

Akira Ajisaka

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

12/Dec/18 05:05

Updated:

15/Dec/18 02:11

Resolved:

15/Dec/18 01:56