[HDFS-15824] Update to enable TLS >=1.2 as default secure protocols - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: None
Fix Version/s: None
Component/s: contrib/hdfsproxy
Labels:
None

Description

in file src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java, line 125, the SSL protocol is used in statement: SSLContext sc = SSLContext.getInstance("SSL");

Impact:

An SSL DDoS attack targets the SSL handshake protocol either by sending worthless data to the SSL server which will result in connection issues for legitimate users or by abusing the SSL handshake protocol itself.

Suggestions:

Upgrade the implementation to the “TLS”, and configure https.protocols JVM option to include TLSv1.2:

Useful links:

https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https

https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection

Please share with us your opinions/comments if there is any:

Is the bug report helpful?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Vicky Zhang

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 06/Feb/21 14:06

Updated:: 11/Feb/21 00:07

Resolved:: 08/Feb/21 15:24