[HDFS-11418] HttpFS should support old SSL clients - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.8.0, 2.7.4, 2.6.6
Fix Version/s: 2.9.0
Component/s: httpfs
Labels:
None

Target Version/s:

2.9.0

Description

~~HADOOP-13812~~ upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL clients such as curl stop working. The symptom is NSS error -12286 when running curl -v.

Instead of forcing the SSL clients to upgrade, we can configure Tomcat to explicitly allow enough weak ciphers so that old SSL clients can work.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-11418.branch-2.001.patch
15/Feb/17 20:03
5 kB
John Zhuge
HDFS-11418.branch-2.002.patch
19/Feb/17 10:14
15 kB
John Zhuge
HDFS-11418.branch-2.003.patch
01/Mar/17 23:24
15 kB
John Zhuge

Issue Links

is broken by

HADOOP-13812 Upgrade Tomcat to 6.0.48

Resolved

is depended upon by

HDFS-11579 Make HttpFS Tomcat SSL property sslEnabledProtocols and clientAuth configurable

Resolved

HDFS-11816 Update default SSL cipher list for HttpFS

Resolved

relates to

HADOOP-14083 KMS should support old SSL clients

Resolved

Activity

People

Assignee:: John Zhuge

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Feb/17 18:33

Updated:: 12/May/17 14:25

Resolved:: 02/Mar/17 04:00