[
https://issues.apache.org/jira/browse/KNOX-566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626558#comment-14626558
]
Tanping Wang edited comment on KNOX-566 at 7/14/15 4:12 PM:
------------------------------------------------------------
I believe we still have issues on JDK 1.7 even after adding
-Djdk.tls.ephemeralDHKeySize=2048 to the JVM settings for Ambari server. We
need to double check on this. After adding -Djdk.tls.ephemeralDHKeySize=2048 to
/var/lib/ambari-server/ambari-env.sh
and restarting Ambari server, Firefox still does not work properly without turning
off the DH key check. This is a separate discussion for Ambari, but the same thing
should apply to Knox.
was (Author: tanping):
I believe we still have issues on JDK 1.7 even after adding
-Djdk.tls.ephemeralDHKeySize=2048 to the JVM settings for Ambari server. We
need to double check on this.
> Knox Jetty server is vulnerable to Logjam vulnerability
> -------------------------------------------------------
>
> Key: KNOX-566
> URL: https://issues.apache.org/jira/browse/KNOX-566
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.5.0
> Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago)
> Reporter: Jeffrey E Rodriguez
> Fix For: 0.7.0
>
>
> See description of logjam
> "The Logjam Attack"
> https://weakdh.org/
> To test you should do:
> [root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher "EDH" | grep "Server Temp Key"
> depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
> verify return:1
> Server Temp Key: DH, 768 bits
> The key should be >= 1024
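
As an added example (not part of the JIRA issue or of the Knox or Ambari projects), the check from the issue description can be scripted so that it can be rerun after a change such as the `-Djdk.tls.ephemeralDHKeySize=2048` setting discussed in the comment. The function names and the sample output are constructed for illustration; the default threshold of 1024 is the value stated in the issue.

```shell
#!/bin/sh
# Added example: grade the "Server Temp Key" line printed by `openssl s_client`.
# Live use (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT -cipher "EDH" </dev/null 2>/dev/null | check_dh 2048

# Print "<type> <bits>" for the first Server Temp Key line on stdin, e.g. "DH 768".
temp_key() {
  awk -F': ' '/^Server Temp Key:/ {
    n = split($2, f, /, */)      # "DH, 768 bits" -> f[1]="DH", f[n]="768 bits"
    sub(/ bits.*/, "", f[n])
    print f[1], f[n]
    exit
  }'
}

# check_dh [MIN_BITS]: reads s_client output on stdin.
# Returns 0 if the DH temp key is >= MIN_BITS, 1 if smaller,
# 2 if no DH temp key was negotiated (handshake failed or non-DHE suite).
check_dh() {
  min=${1:-1024}                 # default: the minimum stated in the issue
  key=$(temp_key)
  kind=${key%% *}
  bits=${key##* }
  if [ "$kind" != "DH" ]; then
    echo "UNKNOWN: no DH temp key (saw: ${key:-nothing})"
    return 2
  fi
  if [ "$bits" -lt "$min" ]; then
    echo "WEAK: DH $bits bits < $min"
    return 1
  fi
  echo "OK: DH $bits bits >= $min"
}

# Constructed s_client excerpt around a given temp-key value.
sample() {
  printf '%s\n' 'verify return:1' '---' "Server Temp Key: $1" '---'
}

# Demo on constructed input: the 768-bit result from the issue, then two others.
sample 'DH, 768 bits'  | check_dh 1024 || true
sample 'DH, 2048 bits' | check_dh 2048 || true
sample 'ECDH, P-256, 256 bits' | check_dh 2048 || true
```

Redirecting stdin from `/dev/null` makes `s_client` exit once the handshake completes, so the check can run unattended.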