[ https://issues.apache.org/jira/browse/HADOOP-11260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14195248#comment-14195248 ]
Karthik Kambatla commented on HADOOP-11260: ------------------------------------------- HADOOP-11243 adds a config for allowed ssl protocols: {code} public static final String SSL_ENABLED_PROTOCOLS = "hadoop.ssl.enabled.protocols"; public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1"; {code} Can we just reuse that? > Patch up Jetty to disable SSLv3 > ------------------------------- > > Key: HADOOP-11260 > URL: https://issues.apache.org/jira/browse/HADOOP-11260 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.5.1 > Reporter: Karthik Kambatla > Assignee: Mike Yoder > Priority: Blocker > Attachments: HADOOP-11260.001.patch > > > Hadoop uses an older version of Jetty that allows SSLv3. We should fix it up. -- This message was sent by Atlassian JIRA (v6.3.4#6332)