[
https://issues.apache.org/jira/browse/HADOOP-11260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196368#comment-14196368
]
Mike Yoder commented on HADOOP-11260:
-------------------------------------
Thanks, [~tucu00]. I tried writing a unit test - having the java client
specify only SSLv3 as an enabled protocol - but it connected anyway. So I
think there is some java crypto thing I don't quite understand going on. So I
think the answer is "yes, difficult", but I'll poke at it a little more this
morning to see if anything turns up.
> Patch up Jetty to disable SSLv3
> -------------------------------
>
> Key: HADOOP-11260
> URL: https://issues.apache.org/jira/browse/HADOOP-11260
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.5.1
> Reporter: Karthik Kambatla
> Assignee: Mike Yoder
> Priority: Blocker
> Attachments: HADOOP-11260.001.patch, HADOOP-11260.002.patch
>
>
> Hadoop uses an older version of Jetty that allows SSLv3. We should fix it up.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
