[
https://issues.apache.org/jira/browse/HADOOP-11218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188693#comment-14188693
]
Haohui Mai commented on HADOOP-11218:
-------------------------------------
Let me try to rephrase a little bit to see whether it makes sense: I propose to
not exposing the configuration to the user. Instead, the code should pick
reasonable settings.
What I'm proposing is that the code just disable SSLv3 and not exposing it as a
configuration, as configuring it properly requires domain knowledges and
misconfiguration can lead to security issues. Make sense?
> Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory
> ----------------------------------------------
>
> Key: HADOOP-11218
> URL: https://issues.apache.org/jira/browse/HADOOP-11218
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.7.0
> Reporter: Robert Kanter
> Priority: Critical
>
> HADOOP-11217 required us to specifically list the versions of TLS that KMS
> supports. With Hadoop 2.7 dropping support for Java 6 and Java 7 supporting
> TLSv1.1 and TLSv1.2, we should add them to the list.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
