You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/21 15:40:33 UTC
[ambari] branch trunk updated: AMBARI-25520: Insecure Transport : Weak SSL Cipher and weak protocol (#3533)
This is an automated email from the ASF dual-hosted git repository.
wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new db5b0b79e5 AMBARI-25520: Insecure Transport : Weak SSL Cipher and weak protocol (#3533)
db5b0b79e5 is described below
commit db5b0b79e54aa3c8a9debac04bbc636ab9dbdc69
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Mon Nov 21 23:40:26 2022 +0800
AMBARI-25520: Insecure Transport : Weak SSL Cipher and weak protocol (#3533)
---
.../java/org/apache/ambari/server/controller/AmbariServer.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index accdd97868..5dbf372dc9 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -200,6 +200,7 @@ public class AmbariServer {
*/
public static final EnumSet<DispatcherType> DISPATCHER_TYPES = EnumSet.of(DispatcherType.REQUEST);
private static final int DEFAULT_ACCEPTORS_COUNT = 1;
+ private static final String[] DEPRECATED_SSL_PROTOCOLS = new String[] {"TLSv1"};
static {
Velocity.setProperty("runtime.log.logsystem.log4j.logger", VELOCITY_LOG_CATEGORY);
@@ -802,9 +803,9 @@ public class AmbariServer {
* at server properties)
*/
private void disableInsecureProtocols(SslContextFactory factory) {
- // by default all protocols should be available
- factory.setExcludeProtocols();
- factory.setIncludeProtocols(new String[] {"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"});
+ // by default all protocols should be available, excluding TLSv1.0
+ factory.setExcludeProtocols(DEPRECATED_SSL_PROTOCOLS);
+ factory.setIncludeProtocols(new String[] {"SSLv2Hello","SSLv3","TLSv1.1","TLSv1.2"});
if (!configs.getSrvrDisabledCiphers().isEmpty()) {
String[] masks = configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ambari.apache.org
For additional commands, e-mail: commits-help@ambari.apache.org