You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flume.apache.org by Hari Shreedharan <hs...@cloudera.com> on 2014/11/11 23:03:02 UTC

SSLv2Hello is required on Java 6

Hi,


Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:


- For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
- For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1. 


I filed FLUME-2547 to fix this.


My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?


I am willing to put together an RC if required.

Thanks,
Hari

Re: SSLv2Hello is required on Java 6

Posted by Hari Shreedharan <hs...@cloudera.com>.

Thanks. I will spin up an RC later today.


Thanks,
Hari

On Wed, Nov 12, 2014 at 7:51 AM, Jarek Jarcec Cecho <ja...@apache.org>
wrote:

> Hi Hari,
> I’ve just reviewed and committed FLUME-2547 and it’s subtasks. As we are supporting JDK6, I would be in favor of doing another quick release.
> Jarcec
>> On Nov 11, 2014, at 2:03 PM, Hari Shreedharan <hs...@cloudera.com> wrote:
>> 
>> Hi,
>> 
>> 
>> Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:
>> 
>> 
>> - For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
>> - For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1. 
>> 
>> 
>> I filed FLUME-2547 to fix this.
>> 
>> 
>> My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?
>> 
>> 
>> I am willing to put together an RC if required.
>> 
>> Thanks,
>> Hari

Re: SSLv2Hello is required on Java 6

Posted by Jarek Jarcec Cecho <ja...@apache.org>.

Hi Hari,
I’ve just reviewed and committed FLUME-2547 and it’s subtasks. As we are supporting JDK6, I would be in favor of doing another quick release.

Jarcec

> On Nov 11, 2014, at 2:03 PM, Hari Shreedharan <hs...@cloudera.com> wrote:
> 
> Hi,
> 
> 
> Right after we pushed 1.5.1 out (I have not even sent the announce email), we discovered that Java 6 requires SSLv2Hello on the server side for negotiation even if TLS is used (unless the client code is also changed to disable SSLv2Hello). So:
> 
> 
> - For HTTP Source, any clients running on Java 6 would need code changes to also disable SSLv2Hello to be able to send data via TLSv1.
> - For Avro Source, any clients running Flume SDK < 1.5.1 on Java 6 would break and requires the client application to upgrade to 1.5.1. 
> 
> 
> I filed FLUME-2547 to fix this.
> 
> 
> My question to the community here is whether we want a new release bringing SSLv2Hello back or if we are willing to just document this and move forward?
> 
> 
> I am willing to put together an RC if required.
> 
> Thanks,
> Hari