You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/01/22 19:37:39 UTC

[jira] [Created] (AMBARI-14778) Ambari Server CA should use sha265 as default message digest algorthm

Robert Levas created AMBARI-14778:
-------------------------------------

             Summary: Ambari Server CA should use sha265 as default message digest algorthm
                 Key: AMBARI-14778
                 URL: https://issues.apache.org/jira/browse/AMBARI-14778
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.1.1
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.2.2


The Ambari Server (built-in) CA should use {{SHA265}} as default message digest algorithm rather than the no longer trusted {{MD5}} and {{SHA1}} digest algorithms.

To do this, change the following line (in both the unix and windows version of the file):

{code:title=ambari-server/conf/unix/ca.config}
default_md             = md5 
{code}

To

{code:title=ambari-server/conf/unix/ca.config}
default_md             = sha256
{code}

Note: This directly affects 2-way SSL between Ambari server and the agents due to security constraints in newer JVMs, like 
{noformat}
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
{noformat}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)