Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-7274

Disable SSLv3 in HttpFS

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.6.0
    • 2.6.0, 2.5.2
    • webhdfs
    • None
    • Reviewed

    Description

      We should disable SSLv3 in HttpFS to protect against the POODLEbleed vulnerability.
      See CVE-2014-3566

      We have sslProtocol="TLS" set to only allow TLS in ssl-server.xml, but when I checked, I could still connect with SSLv3. There documentation is somewhat unclear in the tomcat configs between sslProtocol, sslProtocols, and sslEnabledProtocols and what each value they take does exactly. From what I can gather, sslProtocol="TLS" actually includes SSLv3 and the only way to fix this is to explicitly list which TLS versions we support.

      Attachments

        1. HDFS-7274.patch
          0.8 kB
          Robert Kanter
        2. HDFS-7274.patch
          0.8 kB
          Robert Kanter

        Issue Links

        is required by

        Bug - A problem which impairs or prevents the functions of the product. HDFS-7391 Renable SSLv2Hello in HttpFS

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed
        relates to

        Bug - A problem which impairs or prevents the functions of the product. HADOOP-11217 Disable SSLv3 in KMS

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. HADOOP-11243 SSLFactory shouldn't allow SSLv3

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. HDFS-7275 Add TLSv1.1,TLSv1.2 to HttpFS

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rkanter Robert Kanter Assign to me
            rkanter Robert Kanter
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment