You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Kihwal Lee (JIRA)" <ji...@apache.org> on 2019/08/15 18:22:00 UTC

[jira] [Created] (HADOOP-16517) Allow optional mutual TLS in HttpServer2

Kihwal Lee created HADOOP-16517:
-----------------------------------

             Summary: Allow optional mutual TLS in HttpServer2
                 Key: HADOOP-16517
                 URL: https://issues.apache.org/jira/browse/HADOOP-16517
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: Kihwal Lee


Currently the webservice can enforce mTLS by setting "dfs.client.https.need-auth" on the server side. (The config name is misleading, as it is actually server-side config. It has been deprecated from the client config)  A hadoop client can talk to mTLS enforced web service by setting "hadoop.ssl.require.client.cert" with proper ssl config.

We have seen use case where mTLS needs to be enabled optionally for only those clients who supplies their cert. In a mixed environment like this, individual services may still enforce mTLS for a subset of endpoints by checking the existence of x509 cert in the request.

 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org