[
https://issues.apache.org/jira/browse/HADOOP-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16925304#comment-16925304
]
Wei-Chiu Chuang commented on HADOOP-15169:
------------------------------------------
[~aajisaka] I understand your concern. However, this is merely to achieve
consistency with other Hadoop components. We've got customers with legacy tools
that can only support SSLv2Hello, and they aren't able to use it after
upgrading to Hadoop 3.
[~brahmareddy] thanks for the patch. have you tested it? Looking at Jetty's
SslContextFactory implementation (SslContextFactory#selectProtocols()), after
included protocols are added, it removes excluded protocols, which contains
"SSL", "SSLv2", "SSLv2Hello", "SSLv3". I suspect we should reset excluded
protocols before adding included protocols.
> "hadoop.ssl.enabled.protocols" should be considered in httpserver2
> ------------------------------------------------------------------
>
> Key: HADOOP-15169
> URL: https://issues.apache.org/jira/browse/HADOOP-15169
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Brahma Reddy Battula
> Assignee: Brahma Reddy Battula
> Priority: Major
> Attachments: HADOOP-15169-branch-2.patch, HADOOP-15169.patch
>
>
> As of now *hadoop.ssl.enabled.protocols"* will not take effect for all the
> http servers( only Datanodehttp server will use this config).
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
