Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Invalid
-
None
-
None
-
None
Description
in file src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java, line 125, the SSL protocol is used in statement: SSLContext sc = SSLContext.getInstance("SSL");
Impact:
An SSL DDoS attack targets the SSL handshake protocol either by sending worthless data to the SSL server which will result in connection issues for legitimate users or by abusing the SSL handshake protocol itself.
Suggestions:
Upgrade the implementation to the “TLS”, and configure https.protocols JVM option to include TLSv1.2:
Useful links:
https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https
Please share with us your opinions/comments if there is any:
Is the bug report helpful?