Posted to commits@atlas.apache.org by ma...@apache.org on 2017/01/05 16:52:52 UTC
incubator-atlas git commit: ATLAS-1427: Support an option to exclude
protocols in SSL mode
Repository: incubator-atlas
Updated Branches:
refs/heads/master b72a4c44a -> 6e5863e86
ATLAS-1427: Support an option to exclude protocols in SSL mode
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/6e5863e8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/6e5863e8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/6e5863e8
Branch: refs/heads/master
Commit: 6e5863e867791c65916b63e08905a4a04de0beaf
Parents: b72a4c4
Author: nixonrodrigues <ni...@freestoneinfotech.com>
Authored: Wed Jan 4 18:27:07 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Jan 5 08:52:41 2017 -0800
----------------------------------------------------------------------
.../java/org/apache/atlas/security/SecurityProperties.java | 3 +++
.../org/apache/atlas/web/service/SecureEmbeddedServer.java | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6e5863e8/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 191d869..2e953eb 100644
--- a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -43,4 +43,7 @@ public final class SecurityProperties {
public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
public static final List<String> DEFAULT_CIPHER_SUITES = Arrays.asList(
".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*");
+ public static final String ATLAS_SSL_EXCLUDE_PROTOCOLS = "atlas.ssl.exclude.protocols";
+ public static final String[] DEFAULT_EXCLUDE_PROTOCOLS = new String[] { "TLSv1", "TLSv1.1" };
+
}
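Review bot: `DEFAULT_EXCLUDE_PROTOCOLS` is a `public static final String[]`, so the reference is fixed but its elements are not, and any code in the JVM can overwrite an entry and change which TLS versions the server refuses by default. The neighbouring `DEFAULT_CIPHER_SUITES` is a `List<String>`; declaring this constant as `Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1"))` and converting it to an array at the call site in SecureEmbeddedServer would remove that exposure (`Collections` may need an import, which is outside this hunk). A short comment on the constant would also help operators, for example `// Protocols refused by default; clients limited to TLSv1/TLSv1.1 will fail the handshake unless atlas.ssl.exclude.protocols is overridden.`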
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6e5863e8/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index a6af5a2..fa02e9b 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -49,6 +49,9 @@ import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY
import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
+
/**
* This is a jetty server which requires client auth via certificates.
@@ -78,6 +81,12 @@ public class SecureEmbeddedServer extends EmbeddedServer {
sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
sslContextFactory.setRenegotiationAllowed(false);
+ String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ?
+ config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
+ if (excludedProtocols != null && excludedProtocols.length > 0) {
+ sslContextFactory.addExcludeProtocols(excludedProtocols);
+ }
+
// SSL HTTP Configuration
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
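Review bot: When `atlas.ssl.exclude.protocols` is present, the configured array replaces `DEFAULT_EXCLUDE_PROTOCOLS` instead of extending it, so a deployment that sets the key to exclude one additional protocol silently re-enables TLSv1 and TLSv1.1. A key that is present with an empty or blank value also appears to skip the defaults, although that depends on how `getStringArray` treats empty values, which is not visible here. The replace-not-merge behaviour should at least be stated next to the ternary, e.g. `// A configured list replaces the default exclusions (TLSv1, TLSv1.1); it is not merged with them.` Logging the effective exclusion list once at startup would make a weakened configuration visible in an audit. The enclosing method starts and ends outside this hunk, so any later handling of `sslContextFactory` could not be checked.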