[ https://issues.apache.org/jira/browse/HBASE-25993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Somogyi resolved HBASE-25993. ----------------------------------- Fix Version/s: 2.4.5 2.3.6 2.5.0 3.0.0-alpha-1 Resolution: Fixed Thanks [~symat] for your contribution. Merged to branch-2.3+. > Make excluded SSL cipher suites configurable for all Web UIs > ------------------------------------------------------------ > > Key: HBASE-25993 > URL: https://issues.apache.org/jira/browse/HBASE-25993 > Project: HBase > Issue Type: Improvement > Affects Versions: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.4 > Reporter: Mate Szalay-Beko > Assignee: Mate Szalay-Beko > Priority: Major > Fix For: 3.0.0-alpha-1, 2.5.0, 2.3.6, 2.4.5 > > > When starting a jetty http server, one can explicitly exclude certain > (unsecure) SSL cipher suites. This can be especially important, when the > HBase cluster needs to be compliant with security regulations (e.g. FIPS). > Currently it is possible to set the excluded ciphers for the ThriftServer > ("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer > ("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for > the regular InfoServer started by e.g. the master or region servers. > In this commit I want to introduce a new configuration > "ssl.server.exclude.cipher.list" to configure the excluded cipher suites for > the http server started by the InfoServer. This parameter has the same name > and will work in the same way, as it was already implemented in hadoop (e.g. > for hdfs/yarn). See: HADOOP-12668, HADOOP-14341 -- This message was sent by Atlassian Jira (v8.3.4#803005)