Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/01/22 19:37:39 UTC
[jira] [Created] (AMBARI-14778) Ambari Server CA should use sha256 as default message digest algorithm
Robert Levas created AMBARI-14778:
-------------------------------------
Summary: Ambari Server CA should use sha256 as default message digest algorithm
Key: AMBARI-14778
URL: https://issues.apache.org/jira/browse/AMBARI-14778
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.1.1
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.2.2
The Ambari Server (built-in) CA should use {{SHA256}} as the default message digest algorithm rather than the no-longer-trusted {{MD5}} and {{SHA1}} digest algorithms.
To do this, change the following line (in both the Unix and Windows versions of the file):
{code:title=ambari-server/conf/unix/ca.config}
default_md = md5
{code}
To
{code:title=ambari-server/conf/unix/ca.config}
default_md = sha256
{code}
Note: This directly affects 2-way SSL between Ambari server and the agents due to security constraints in newer JVMs, like
{noformat}
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
{noformat}
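One way to audit this setting across the Unix and Windows copies of the file, as an added example that is not part of the original issue and is not Ambari's own code. The sample files are constructed (only the two `default_md` lines come from the issue), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ambari code): audit default_md in OpenSSL-style CA configs.

# Print "section<TAB>digest" for each default_md assignment in file $1.
list_default_md() {
  awk '
    { sub(/#.*/, ""); sub(/[ \t\r]+$/, "") }   # strip comments, trailing blanks, CR
    /^[ \t]*\[/ { gsub(/\[|\]|[ \t]/, ""); section = $0; next }
    /^[ \t]*default_md[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, "")
      print (section == "" ? "default" : section) "\t" tolower($0)
    }' "$1"
}

# Exit status: 0 = all digests acceptable, 1 = MD5/SHA1 found, 2 = default_md absent.
check_ca_digest() {
  found=$(list_default_md "$1")
  [ -n "$found" ] || { echo "$1: default_md not set"; return 2; }
  status=0
  while IFS="$(printf '\t')" read -r section md; do
    case $md in
      md5|sha1) echo "$1 [$section]: weak digest $md"; status=1 ;;
      *)        echo "$1 [$section]: $md" ;;
    esac
  done <<EOF
$found
EOF
  return $status
}

# Constructed sample files: before the fix, after it (CRLF line ends), and unset.
make_samples() {
  printf '[ CA_default ]\ndir = ./demoCA\ndefault_md = md5   # old\n' > "$1/before.config"
  printf '[ CA_default ]\r\ndir = ./demoCA\r\ndefault_md = sha256\r\n' > "$1/after.config"
  printf '[ CA_default ]\ndir = ./demoCA\n# default_md = sha256\n' > "$1/unset.config"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in before after unset; do
  check_ca_digest "$demo_dir/$f.config" || echo "  -> needs attention (status $?)"
done
rm -rf "$demo_dir"
```

Changing `default_md` only affects certificates signed afterwards; `openssl x509 -in <cert> -noout -text` shows the signature algorithm of a certificate that was already issued.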