Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16000

Remove TLSv1 and SSLv2Hello from the default value of hadoop.ssl.enabled.protocols

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      TLSv1 and SSLv2Hello were removed from the default value of "hadoop.ssl.enabled.protocols".

      Description

      core-default.xml
        public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
            "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";
      

      TLSv1 and SSLv2Hello are considered to be vulnerable. Let's remove these by default.

        Attachments

        1. HADOOP-16000.002.patch
          2 kB
          Gabor Bota
        2. HADOOP-16000.001.patch
          2 kB
          Gabor Bota

          Issue Links

            Activity

              People

              • Assignee:
                gabor.bota Gabor Bota
                Reporter:
                aajisaka Akira Ajisaka
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: