[jira] [Commented] (HADOOP-12668) Modify HDFS embeded jetty server logic in HttpServer2.java to exclude weak Ciphers through ssl-server.conf

Sun, 21 Feb 2016 18:13:21 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15156384#comment-15156384
 ] 

Vijay Singh commented on HADOOP-12668:
--------------------------------------

Patch 11 (same code) when submitted for the latest tests, ran fine for tests in 
error in earlier run. However, there was one error in latest run that did not 
error in earlier release. This makes me believe the test runs though in error 
have covered all unit tests successfully in two separate runs. 

Please advise the next steps for me. I am at loss here as to how can I 
guarantee successful run without any -1.

> Modify HDFS embeded jetty server logic in HttpServer2.java to exclude weak 
> Ciphers through ssl-server.conf
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12668
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12668
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.7.1
>            Reporter: Vijay Singh
>            Assignee: Vijay Singh
>            Priority: Critical
>              Labels: common, ha, hadoop, hdfs, security
>         Attachments: Hadoop-12668.006.patch, Hadoop-12668.007.patch, 
> Hadoop-12668.008.patch, Hadoop-12668.009.patch, Hadoop-12668.010.patch, 
> Hadoop-12668.011.patch, test.log
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Currently Embeded jetty Server used across all hadoop services is configured 
> through ssl-server.xml file from their respective configuration section. 
> However, the SSL/TLS protocol being used for this jetty servers can be 
> downgraded to weak cipher suites. This code changes aims to add following 
> functionality:
> 1) Add logic in hadoop common (HttpServer2.java and associated interfaces) to 
> spawn jetty servers with ability to exclude weak cipher suites. I propose we 
> make this though ssl-server.xml and hence each service can choose to disable 
> specific ciphers.
> 2) Modify DFSUtil.java used by HDFS code to supply new parameter 
> ssl.server.exclude.cipher.list for hadoop-common code, so it can exclude the 
> ciphers supplied through this key.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to