[
https://issues.apache.org/jira/browse/OOZIE-2756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Sasvari updated OOZIE-2756:
----------------------------------
Attachment: OOZIE-2756-01.patch
Additional tests I performed (manually):
Exclude protocol test
- added {{TLSv1.2}} with {{oozie.https.exclude.protocol}} in {{oozie-site.xml}}
- verified {{curl -k --tlsv1.2 https://localhost:11443 -vv}} failed
Exclude ciphers "always win"
- added {{TLS_ECDHE_RSA_WITH_RC4_128_SHA}} to {{oozie.https.include.cipher.suites}} _Note: it is excluded by default_
- verified that {{curl}} could not connect to server
In my opinion, these kinds of simple integration tests (e.g. starting the Oozie
server with HTTPS with different configuration settings) may be worth
automating in the future.
> Extend HTTPS configuration settings for embedded Jetty
> ------------------------------------------------------
>
> Key: OOZIE-2756
> URL: https://issues.apache.org/jira/browse/OOZIE-2756
> Project: Oozie
> Issue Type: Improvement
> Reporter: Attila Sasvari
> Assignee: Attila Sasvari
> Attachments: OOZIE-2756-01.patch
>
>
> Regarding HTTPS settings, currently Oozie only supports
> {{oozie.https.include.protocols}} and {{oozie.https.exclude.cipher.suites}}
> (introduced by OOZIE-2666).
> However, Jetty SslContextFactory supports the following configurations:
> * excludeProtocols
> * includeProtocols
> * excludeCipherSuites
> * includeCipherSuites
> To have more control over employed protocols and cipher suites, we should
> extend current implementation to allow users to configure
> {{excludeProtocols}} and {{includeCipherSuites}}. Sensible defaults are also
> needed.
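A small model of the include/exclude resolution that the two manual tests in the comment exercise, added here as an illustration; it is not code from the OOZIE-2756 patch or from Jetty. It assumes exact-name matching only, and the supported and default-excluded lists are constructed samples (the message states only that the RC4 suite is excluded by default).

```python
# Added example: models "exclude always wins" for protocols and cipher suites.
# Assumption: entries are matched by exact name; pattern matching is not modelled.

# Constructed sample of what a JVM might support (not taken from the issue).
SUPPORTED_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]
SUPPORTED_CIPHERS = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
]
# Constructed stand-in for the default exclude list.
DEFAULT_EXCLUDED_CIPHERS = [
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
]


def resolve_enabled(supported, include=(), exclude=()):
    """Return the supported names that remain enabled.

    An empty include list means "everything supported". Anything named in
    exclude is dropped afterwards, even if include also names it.
    """
    candidates = [n for n in supported if not include or n in include]
    return [n for n in candidates if n not in exclude]


def can_negotiate(client_offer, enabled):
    """A handshake needs at least one value offered by the client and enabled."""
    return any(item in enabled for item in client_offer)


def exclude_protocol_case():
    # Mirrors the first manual test: TLSv1.2 excluded, client forces TLSv1.2.
    enabled = resolve_enabled(SUPPORTED_PROTOCOLS, exclude=["TLSv1.2"])
    return enabled, can_negotiate(["TLSv1.2"], enabled)


def exclude_wins_case():
    # Mirrors the second manual test: the RC4 suite is the only include entry,
    # but it is also excluded, so no cipher suite is left at all.
    enabled = resolve_enabled(
        SUPPORTED_CIPHERS,
        include=["TLS_ECDHE_RSA_WITH_RC4_128_SHA"],
        exclude=DEFAULT_EXCLUDED_CIPHERS,
    )
    return enabled, can_negotiate(SUPPORTED_CIPHERS, enabled)


if __name__ == "__main__":
    print(exclude_protocol_case())
    print(exclude_wins_case())
```

An empty result in the second case is what a client observes as a failed connection: the server has no cipher suite left to offer.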