[ 
https://issues.apache.org/jira/browse/HIVE-29606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Naveen Gangam resolved HIVE-29606.
----------------------------------
    Fix Version/s: 4.3.0
       Resolution: Fixed

Fix has been merged. Thank you for the patch [~VenuReddy]

> Support SSL include protocols and cipher suites for Hive Metastore
> ------------------------------------------------------------------
>
>                 Key: HIVE-29606
>                 URL: https://issues.apache.org/jira/browse/HIVE-29606
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore, Security, Standalone Metastore
>            Reporter: Venugopal Reddy K
>            Assignee: Venugopal Reddy K
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.3.0
>
>
> *[Background]*
> Currently, HiveServer2 supports explicit SSL include cipher suite 
> configurations. However, the Hive Metastore lacks specific properties to 
> explicitly include or restrict allowed SSL protocols and cipher suites.
> To improve security posture and allow administrators to enforce modern 
> cryptographic standards (e.g., forcing TLS 1.2+ or specific high-strength 
> ciphers), we should introduce the following configuration properties to HMS. 
> 1. {{hive.metastore.include.protocols}}: A comma-separated list of 
> allowed SSL/TLS protocols (e.g., {{TLSv1.2}}, {{TLSv1.3}}).
> 2. {{hive.metastore.include.ciphersuites}}: A colon-separated list of 
> allowed SSL cipher suites (e.g., 
> TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_AES_256_GCM_SHA384).
> These properties should be applied when the Metastore is started in SSL mode.
>  
> *[Proposal]*
> 1. Add {{hive.metastore.include.protocols}} and 
> {{hive.metastore.include.ciphersuites}} to the HMS.
> 2. Initialize with these configurations on SSL sockets.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
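
An added example, not taken from the Hive patch: one way include lists in the two formats described above (comma-separated protocols, colon-separated cipher suites) can be applied to a server socket with the standard JSSE API. The class name `IncludeListDemo` and the helpers `parse` and `restrict` are hypothetical, and the sample values are constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class IncludeListDemo {
    // Split a configured include list, dropping blanks and surrounding whitespace.
    static Set<String> parse(String value, String separator) {
        Set<String> out = new LinkedHashSet<>();
        if (value != null) {
            for (String item : value.split(separator)) {
                if (!item.trim().isEmpty()) out.add(item.trim());
            }
        }
        return out;
    }

    // Keep only requested names the JVM supports; fail closed if none survive,
    // so a typo in the list cannot silently fall back to the JVM defaults.
    static String[] restrict(Set<String> requested, String[] supported, String what) {
        if (requested.isEmpty()) return null; // property unset: keep JVM defaults
        Set<String> allowed = new LinkedHashSet<>(requested);
        allowed.retainAll(Arrays.asList(supported));
        if (allowed.isEmpty()) {
            throw new IllegalArgumentException("No supported " + what + " in " + requested);
        }
        return allowed.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values in the formats the issue describes.
        String protocols = "TLSv1.2,TLSv1.3";
        String ciphers = "TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_AES_256_GCM_SHA384";

        // Unbound socket: enough to inspect and set TLS parameters offline.
        try (SSLServerSocket socket = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory().createServerSocket()) {
            String[] p = restrict(parse(protocols, ","), socket.getSupportedProtocols(), "protocols");
            String[] c = restrict(parse(ciphers, ":"), socket.getSupportedCipherSuites(), "cipher suites");
            if (p != null) socket.setEnabledProtocols(p);
            if (c != null) socket.setEnabledCipherSuites(c);
            System.out.println("protocols: " + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("ciphers:   " + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

Printing the enabled lists after applying the settings is a quick check that the restriction took effect on the JVM in use, since names the runtime does not support are dropped by the intersection.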
