Posted to commits@atlas.apache.org by ma...@apache.org on 2017/01/05 16:52:52 UTC

incubator-atlas git commit: ATLAS-1427: Support an option to exclude protocols in SSL mode

Repository: incubator-atlas
Updated Branches:
  refs/heads/master b72a4c44a -> 6e5863e86


ATLAS-1427: Support an option to exclude protocols in SSL mode

Signed-off-by: Madhan Neethiraj <ma...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/6e5863e8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/6e5863e8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/6e5863e8

Branch: refs/heads/master
Commit: 6e5863e867791c65916b63e08905a4a04de0beaf
Parents: b72a4c4
Author: nixonrodrigues <ni...@freestoneinfotech.com>
Authored: Wed Jan 4 18:27:07 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Jan 5 08:52:41 2017 -0800

----------------------------------------------------------------------
 .../java/org/apache/atlas/security/SecurityProperties.java  | 3 +++
 .../org/apache/atlas/web/service/SecureEmbeddedServer.java  | 9 +++++++++
 2 files changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6e5863e8/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 191d869..2e953eb 100644
--- a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -43,4 +43,7 @@ public final class SecurityProperties {
     public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
     public static final List<String> DEFAULT_CIPHER_SUITES = Arrays.asList(
             ".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*");
+    public static final String ATLAS_SSL_EXCLUDE_PROTOCOLS = "atlas.ssl.exclude.protocols";
+    public static final String[] DEFAULT_EXCLUDE_PROTOCOLS = new String[] { "TLSv1", "TLSv1.1" };
+
 }
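Review bot: `DEFAULT_EXCLUDE_PROTOCOLS` is declared as a public `String[]`, so `final` fixes only the reference and any code in the process can overwrite an element and silently change which TLS versions are excluded by default. Declaring it like the neighbouring `DEFAULT_CIPHER_SUITES`, but unmodifiable, keeps the security default fixed: `public static final List<String> DEFAULT_EXCLUDE_PROTOCOLS = Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1"));`. The caller in `SecureEmbeddedServer` would then convert with `toArray` where it needs an array. A short comment on `ATLAS_SSL_EXCLUDE_PROTOCOLS` saying the value is a list of protocol names (presumably comma-separated, given it is read with `getStringArray`) would also help operators.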

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6e5863e8/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index a6af5a2..fa02e9b 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -49,6 +49,9 @@ import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY
 import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
+
 
 /**
  * This is a jetty server which requires client auth via certificates.
@@ -78,6 +81,12 @@ public class SecureEmbeddedServer extends EmbeddedServer {
         sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
         sslContextFactory.setRenegotiationAllowed(false);
 
+        String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ?
+                config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
+        if (excludedProtocols != null && excludedProtocols.length > 0) {
+            sslContextFactory.addExcludeProtocols(excludedProtocols);
+        }
+
         // SSL HTTP Configuration
         // HTTP Configuration
         HttpConfiguration http_config = new HttpConfiguration();
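Review bot: When `atlas.ssl.exclude.protocols` is present, the configured array replaces `DEFAULT_EXCLUDE_PROTOCOLS` instead of extending it, so a deployment that sets the key to some other protocol name stops excluding TLSv1 and TLSv1.1 with no indication. The names are also passed to `addExcludeProtocols` unchecked, so a misspelled entry would presumably exclude nothing. I would state the replace semantics in a comment above the ternary, e.g. `// A configured list replaces the defaults; it must name every protocol to disable.`. I would also log the effective list at startup, e.g. `LOG.info("Excluded SSL protocols: {}", Arrays.toString(excludedProtocols));`, assuming the class has a logger and `Arrays` in scope. The enclosing method starts and ends outside this hunk.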