You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Zhe Zhang (JIRA)" <ji...@apache.org> on 2016/03/08 00:42:40 UTC
[jira] [Commented] (HADOOP-12886) Exclude weak ciphers in
SSLFactory through ssl-server.xml
[ https://issues.apache.org/jira/browse/HADOOP-12886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15184035#comment-15184035 ]
Zhe Zhang commented on HADOOP-12886:
------------------------------------
Thanks Wei-Chiu. Patch LGTM overall. I just triggered Jenkins. A few minors:
# Empty line change in {{init}} doesn't seem necessary
# "LOG.debug("Disable cipher suite {}.", cipherName);" => disabling?
# Can we have a unit test?
> Exclude weak ciphers in SSLFactory through ssl-server.xml
> ---------------------------------------------------------
>
> Key: HADOOP-12886
> URL: https://issues.apache.org/jira/browse/HADOOP-12886
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.7.2
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Labels: Netty, datanode, security
> Attachments: HADOOP-12886.001.patch
>
>
> HADOOP-12668 added support to exclude weak ciphers in HttpServer2, which is good for name nodes. But data node web UI is based on Netty, which uses SSLFactory and does not read ssl-server.xml to exclude the ciphers.
> We should also add the same support for Netty for consistency.
> I will attach a full patch later.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)