Mate Szalay-Beko created HBASE-25993:
----------------------------------------

             Summary: Make excluded cipher suites configurable for all Web UIs
                 Key: HBASE-25993
                 URL: https://issues.apache.org/jira/browse/HBASE-25993
             Project: HBase
          Issue Type: Improvement
    Affects Versions: 2.4.4, 2.3.5, 2.2.7, 3.0.0-alpha-1, 2.5.0
            Reporter: Mate Szalay-Beko
            Assignee: Mate Szalay-Beko


When starting a Jetty http server, one can explicitly exclude certain 
(insecure) SSL cipher suites. This can be especially important when the HBase 
cluster needs to be compliant with security regulations (e.g. FIPS).

Currently it is possible to set the excluded ciphers for the ThriftServer 
("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer 
("hbase.rest.ssl.exclude.cipher.suites"), but one cannot configure it for the 
regular InfoServer started by e.g. the master or region servers.

In this commit I want to introduce a new configuration 
"ssl.server.exclude.cipher.list" to configure the excluded cipher suites for 
the http server started by the InfoServer. This parameter has the same name and 
will work in the same way as it was already implemented in Hadoop (e.g. for 
hdfs/yarn). See: HADOOP-12668, HADOOP-14341



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
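
An added example, not part of the original message or of HBase: a small audit that reads "ssl.server.exclude.cipher.list" from a Hadoop-style configuration XML and reports which weak suites would still be offered and which exclusions match nothing. The sample XML, the enabled-suite list, the weak-suite pattern, the comma-separated value format and exact-name matching are all assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

PROPERTY = "ssl.server.exclude.cipher.list"  # property name from the issue text

# Constructed sample configuration; the values are illustrative only.
SAMPLE_SITE_XML = """
<configuration>
  <property>
    <name>ssl.server.exclude.cipher.list</name>
    <value>
      TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
      TLS_RSA_WITH_NULL_SHA256
    </value>
  </property>
</configuration>
"""

# Constructed stand-in for the suites the server's JVM enables by default.
SAMPLE_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
]

# Assumed policy: name fragments that mark a suite as weak.
WEAK = re.compile(r"_(RC4|3DES|DES|NULL|EXPORT|anon)_|_MD5$")

def excluded_suites(site_xml: str) -> list[str]:
    """Return the trimmed, comma-separated entries of the exclude property."""
    root = ET.fromstring(site_xml.strip())
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == PROPERTY:
            value = prop.findtext("value") or ""
            return [s.strip() for s in value.split(",") if s.strip()]
    return []  # property absent: nothing is excluded

def audit(site_xml: str, enabled: list[str]) -> dict:
    """Apply the exclusions by exact name and report what is left."""
    excluded = excluded_suites(site_xml)
    remaining = [s for s in enabled if s not in excluded]
    return {
        "remaining": remaining,
        "weak_still_offered": [s for s in remaining if WEAK.search(s)],
        # Entries that removed nothing: a typo, or a suite that was never enabled.
        "unmatched_exclusions": [s for s in excluded if s not in enabled],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_SITE_XML, SAMPLE_ENABLED))
```

A server that interprets the entries as patterns rather than exact names may exclude more than this check reports.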
