You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Dan Burkert (JIRA)" <ji...@apache.org> on 2017/10/16 23:23:00 UTC

[jira] [Created] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

Dan Burkert created KUDU-2190:
---------------------------------

             Summary: webserver HTTPS/TLS cipher list is insecure on RHEL 6
                 Key: KUDU-2190
                 URL: https://issues.apache.org/jira/browse/KUDU-2190
             Project: Kudu
          Issue Type: Bug
          Components: server
    Affects Versions: 1.5.0
            Reporter: Dan Burkert
            Priority: Blocker


We aren't overriding the default cipher list for the webserver, so it's defaulting to the OpenSSL default cipher suite for the platform.  On RHEL 6, this suite contains 3DES, RC4 and other undesirables.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)