You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by ct...@apache.org on 2018/04/09 20:40:29 UTC

[accumulo] branch 1.8 updated: Make TLSv1.2 the default (#417)

This is an automated email from the ASF dual-hosted git repository.

ctubbsii pushed a commit to branch 1.8
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/1.8 by this push:
     new e059c54  Make TLSv1.2 the default (#417)
e059c54 is described below

commit e059c54553e7d095799be15c993cec7c31ed54e5
Author: Christopher Tubbs <ct...@apache.org>
AuthorDate: Mon Apr 9 16:40:26 2018 -0400

    Make TLSv1.2 the default (#417)
    
    When Accumulo's RPC is configured for SSL/TLS, the connections
    will use TLSv1.2 by default (instead of TLSv1 or TLSv1.1).
---
 core/src/main/java/org/apache/accumulo/core/conf/Property.java | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index eea039f..1eed867 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -130,11 +130,9 @@ public enum Property {
           + "javax.net.ssl.* Accumulo properties"),
   RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING,
       "Comma separated list of cipher suites that can be used by accepted connections"),
-  RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1,TLSv1.1,TLSv1.2",
-      PropertyType.STRING,
+  RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1.2", PropertyType.STRING,
       "Comma separated list of protocols that can be used to accept connections"),
-  // TLSv1.2 should be used as the default when JDK6 support is dropped
-  RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1", PropertyType.STRING,
+  RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1.2", PropertyType.STRING,
       "The protocol used to connect to a secure server, must be in the list of enabled protocols "
           + "on the server side (rpc.ssl.server.enabled.protocols)"),
   /**
@@ -580,8 +578,8 @@ public enum Property {
   MONITOR_SSL_EXCLUDE_CIPHERS("monitor.ssl.exclude.ciphers", "", PropertyType.STRING,
       "A comma-separated list of disallowed SSL Ciphers, see"
           + " monitor.ssl.include.ciphers to allow ciphers"),
-  MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1,TLSv1.1,TLSv1.2",
-      PropertyType.STRING, "A comma-separate list of allowed SSL protocols"),
+  MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1.2", PropertyType.STRING,
+      "A comma-separate list of allowed SSL protocols"),
 
   MONITOR_LOCK_CHECK_INTERVAL("monitor.lock.check.interval", "5s", PropertyType.TIMEDURATION,
       "The amount of time to sleep between checking for the Montior ZooKeeper lock"),

-- 
To stop receiving notification emails like this one, please contact
ctubbsii@apache.org.