[
https://issues.apache.org/jira/browse/HADOOP-12668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15070705#comment-15070705
]
Vijay Singh commented on HADOOP-12668:
--------------------------------------
Looked at the checkstyle issues. All of them are false positives. Please review
and provide suggestions if any. Also the failed jUnit cases are not related to
patch. ASF license warning is related to some other commit from yarn-4234
Please review the changes and provide suggestions if any.
> Modify HDFS embeded jetty server logic in HttpServer2.java to exclude weak
> Ciphers through ssl-server.conf
> ----------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-12668
> URL: https://issues.apache.org/jira/browse/HADOOP-12668
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.7.1
> Reporter: Vijay Singh
> Assignee: Vijay Singh
> Priority: Critical
> Labels: common, ha, hadoop, hdfs, security
> Attachments: Hadoop-12668_version5.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Currently Embeded jetty Server used across all hadoop services is configured
> through ssl-server.xml file from their respective configuration section.
> However, the SSL/TLS protocol being used for this jetty servers can be
> downgraded to weak cipher suites. This code changes aims to add following
> functionality:
> 1) Add logic in hadoop common (HttpServer2.java and associated interfaces) to
> spawn jetty servers with ability to exclude weak cipher suites. I propose we
> make this though ssl-server.xml and hence each service can choose to disable
> specific ciphers.
> 2) Modify DFSUtil.java used by HDFS code to supply new parameter
> ssl.server.exclude.cipher.list for hadoop-common code, so it can exclude the
> ciphers supplied through this key.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
