[ https://issues.apache.org/jira/browse/HADOOP-11218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188667#comment-14188667 ]

Haohui Mai commented on HADOOP-11218:
-------------------------------------
I propose a more aggressive approach, that is, to remove this configuration and
pick reasonable ciphers / protocols. The reason is that it requires some domain
knowledge to properly configure it correctly, and misconfiguring it can lead
to security holes. It would be nice not to have a configuration that can
shoot the users' foot.

Note that the configuration is added in 2.6, which still supports Java 6. The
configuration allows users that run 2.6 on Java 7 to disable the flawed
protocols / ciphers. As 2.7 is going to support Java 7 only, I think that the
original motivation is fulfilled, thus the configuration can be removed.

> Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory
> ----------------------------------------------
>
> Key: HADOOP-11218
> URL: https://issues.apache.org/jira/browse/HADOOP-11218
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.7.0
> Reporter: Robert Kanter
> Priority: Critical
>
> HADOOP-11217 required us to specifically list the versions of TLS that KMS
> supports. With Hadoop 2.7 dropping support for Java 6 and Java 7 supporting
> TLSv1.1 and TLSv1.2, we should add them to the list.
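
The approach proposed in the comment above, choosing the protocols in code instead of reading them from configuration, can be sketched with plain JSSE calls. This is an added example, not Hadoop's code and not from the commenter; the class name `FixedTlsProtocols` and the allowlist (the two versions named in the issue title) are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class FixedTlsProtocols {
    // Assumption for this example: the allowlist is the two versions
    // named in the issue title, newest first.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.2", "TLSv1.1");

    /** Returns the allowlisted protocols that the JVM also supports, in allowlist order. */
    static String[] selectProtocols(String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> chosen = new ArrayList<>();
        for (String protocol : ALLOWED) {
            if (supportedList.contains(protocol)) {
                chosen.add(protocol);
            }
        }
        if (chosen.isEmpty()) {
            // Fail closed: never fall back silently to whatever the JVM enables by default.
            throw new IllegalStateException(
                "No allowlisted TLS protocol is supported by this JVM: " + supportedList);
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("JVM default:   " + Arrays.toString(engine.getEnabledProtocols()));

        // Pin the engine to the intersection of the allowlist and what the JVM offers.
        engine.setEnabledProtocols(selectProtocols(engine.getSupportedProtocols()));
        System.out.println("After pinning: " + Arrays.toString(engine.getEnabledProtocols()));

        // Constructed input: a runtime that offers nothing newer than TLSv1.
        try {
            selectProtocols(new String[] {"SSLv2Hello", "SSLv3", "TLSv1"});
        } catch (IllegalStateException e) {
            System.out.println("Old runtime:   " + e.getMessage());
        }
    }
}
```

Because the allowlist is compiled in, there is no operator-facing setting to get wrong, and a runtime that cannot meet it is rejected at startup rather than negotiating an older protocol.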