[jira] [Commented] (HADOOP-11218) Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory

Thu, 01 Oct 2015 22:35:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14940784#comment-14940784
 ] 

Vijay Singh commented on HADOOP-11218:
--------------------------------------

Please find the result of tests carried out.
{noformat}
[root@vjs-1 ~]# diff 
/opt/myclient/hadoop-httpfs/tomcat-conf.https/conf/server.xml 
/opt/myclient/hadoop-httpfs/tomcat-conf.https/conf/server_tls1.xml 
73c73
<                clientAuth="false" 
sslEnabledProtocols=“TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
---
>                clientAuth="false" sslEnabledProtocols="TLSv1,SSLv2Hello"

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1 
-CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem | 
grep Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = 
vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1_1 
-CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem | 
grep -i Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = 
vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported

[root@vjkc ~]# openssl s_client -connect vjs-1.vpc.myclient.com:14000  -tls1_2 
-CAfile /opt/myclient/security/setup/ca-certs/VIJAY-WIN-HEN9IV5CAGA-CA.pem | 
grep -i Renegotiation
depth=1 DC = FCE, DC = SINGH, DC = VIJAY, CN = VIJAY-WIN-HEN9IV5CAGA-CA
verify return:1
depth=0 C = US, ST = Illinois, L = Chicago, O = myclient, OU = EDHCLUSTER, CN = 
vjs-1.vpc.myclient.com
verify return:1

Secure Renegotiation IS supported
{noformat}


> Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory
> ----------------------------------------------
>
>                 Key: HADOOP-11218
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11218
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.7.0
>            Reporter: Robert Kanter
>            Priority: Critical
>
> HADOOP-11217 required us to specifically list the versions of TLS that KMS 
> supports. With Hadoop 2.7 dropping support for Java 6 and Java 7 supporting 
> TLSv1.1 and TLSv1.2, we should add them to the list.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to