You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/09/10 02:53:35 UTC
[hadoop] branch trunk updated: HADOOP-16549. Remove Unsupported
SSL/TLS Versions from Docs/Properties. Contributed by Daisuke Kobayashi.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new bc2d3a7 HADOOP-16549. Remove Unsupported SSL/TLS Versions from Docs/Properties. Contributed by Daisuke Kobayashi.
bc2d3a7 is described below
commit bc2d3a71d6e09310d1e49e4e31433304c76e6701
Author: Daisuke Kobayashi <da...@cloudera.com>
AuthorDate: Tue Sep 10 10:51:03 2019 +0800
HADOOP-16549. Remove Unsupported SSL/TLS Versions from Docs/Properties. Contributed by Daisuke Kobayashi.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
Reviewed-by: Akira Ajisaka <aa...@apache.org>
---
.../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 2 +-
.../hadoop-common/src/main/resources/core-default.xml | 4 ++--
.../src/site/markdown/EncryptedShuffle.md | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
index a7548aa..e10741e 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -72,7 +72,7 @@ public class SSLFactory implements ConnectionConfigurator {
public static final String SSL_ENABLED_PROTOCOLS_KEY =
"hadoop.ssl.enabled.protocols";
public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
- "TLSv1.1,TLSv1.2";
+ "TLSv1.2";
public static final String SSL_SERVER_NEED_CLIENT_AUTH =
"ssl.server.need.client.auth";
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index 583f833..1842171 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -2703,9 +2703,9 @@
<property>
<name>hadoop.ssl.enabled.protocols</name>
- <value>TLSv1.1,TLSv1.2</value>
+ <value>TLSv1.2</value>
<description>
- The supported SSL protocols. The parameter will only used from
+ The supported SSL protocols. The parameter will only be used from
DatanodeHttpServer.
</description>
</property>
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
index 1b109a3..ddddcd9 100644
--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
+++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
@@ -46,7 +46,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
| `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
| `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
| `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
-| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
+| `hadoop.ssl.enabled.protocols` | `TLSv1.2` | The supported SSL protocols. The parameter will only be used from DatanodeHttpServer. |
**IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org