You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flume.apache.org by Hari Shreedharan <hs...@cloudera.com> on 2014/11/11 23:03:02 UTC
SSLv2Hello is required on Java 6
Hi,
Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:
- For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
- For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1.
I filed FLUME-2547 to fix this.
My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?
I am willing to put together an RC if required.
Thanks,
Hari
Re: SSLv2Hello is required on Java 6
Posted by Hari Shreedharan <hs...@cloudera.com>.
Thanks. I will spin up an RC later today.
Thanks,
Hari
On Wed, Nov 12, 2014 at 7:51 AM, Jarek Jarcec Cecho <ja...@apache.org>
wrote:
> Hi Hari,
> I’ve just reviewed and committed FLUME-2547 and it’s subtasks. As we are supporting JDK6, I would be in favor of doing another quick release.
> Jarcec
>> On Nov 11, 2014, at 2:03 PM, Hari Shreedharan <hs...@cloudera.com> wrote:
>>
>> Hi,
>>
>>
>> Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:
>>
>>
>> - For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
>> - For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1.
>>
>>
>> I filed FLUME-2547 to fix this.
>>
>>
>> My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?
>>
>>
>> I am willing to put together an RC if required.
>>
>> Thanks,
>> Hari
Re: SSLv2Hello is required on Java 6
Posted by Jarek Jarcec Cecho <ja...@apache.org>.
Hi Hari,
I’ve just reviewed and committed FLUME-2547 and it’s subtasks. As we are supporting JDK6, I would be in favor of doing another quick release.
Jarcec
> On Nov 11, 2014, at 2:03 PM, Hari Shreedharan <hs...@cloudera.com> wrote:
>
> Hi,
>
>
> Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:
>
>
> - For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
> - For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1.
>
>
> I filed FLUME-2547 to fix this.
>
>
> My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?
>
>
> I am willing to put together an RC if required.
>
> Thanks,
> Hari