[ https://issues.apache.org/jira/browse/AMBARI-17666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15754858#comment-15754858 ]
Tuong Truong commented on AMBARI-17666: --------------------------------------- Awesome.. Thanks for fixing this issue Doroszlai. > Ambari agent can't start when TLSv1 is disabled in Java security > ---------------------------------------------------------------- > > Key: AMBARI-17666 > URL: https://issues.apache.org/jira/browse/AMBARI-17666 > Project: Ambari > Issue Type: Bug > Components: ambari-agent > Affects Versions: 2.2.0 > Reporter: Tuong Truong > Assignee: Dmitry Lysnichenko > Labels: security > Fix For: 2.5.0 > > Attachments: AMBARI-17666_test_trunk.patch > > > Currently, the commit for https://issues.apache.org/jira/browse/AMBARI-14236 > explicit force the SSL protocol to TLSv1 in > ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py. Unfortunate, > this setting in effect whenever web_alert pacackged is loaded > (ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py) > regardless whether ssl is used or not. > As a result, disabling TLSv1 in Ambari server will cause the agent to fail to > start. > Recreate: > In Ambari's acitve JDK on Ambari server node, in java.security file, set > jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize < > 2048 > restart ambari-server, and you will see errors in ambari agent logs: > ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF > occurred in violation of protocol > ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect. > Please check openssl library versions. > Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more > details. -- This message was sent by Atlassian JIRA (v6.3.4#6332)