Re: Review Request 57955: Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above

Mon, 27 Mar 2017 05:41:08 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57955/#review170164
-----------------------------------------------------------


Ship it!




Ship It!

- Sebastian Toader


On March 27, 2017, 2:24 p.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57955/
> -----------------------------------------------------------
> 
> (Updated March 27, 2017, 2:24 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Balázs Bence Sári, Laszlo 
> Puskas, Robert Levas, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-20583
>     https://issues.apache.org/jira/browse/AMBARI-20583
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> This can already be done by manually editing the ambari-env.sh file 
> (/var/lib/ambari-server/ambari-env.sh) and adding the following to the 
> AMBARI_JVM_ARGS environment variable:
> -Djdk.tls.ephemeralDHKeySize=2048
> 
> To help users set this value, Ambari should provide a property in the 
> ambari.properties file. If a supported JVM is in use, Ambari should 
> internally set the System property (before creating the embedded web server) 
> as specified by the user. A possible Ambari property name could be 
> security.server.tls.ephemeral_dh_key_size. If not set, it's default value 
> should be 2048.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  79c5d12 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  1f1689a 
> 
> 
> Diff: https://reviews.apache.org/r/57955/diff/1/
> 
> 
> Testing
> -------
> 
> manually:
> 1.
> - set security.server.tls.ephemeral_dh_key_size=1024 to ambari.properties
> - restarted ambari
> - checked that DH key size was 1024 using openssl s_client -connect `hostname 
> -f`:8441 -cipher "EDH"
> 2.
> - deleted security.server.tls.ephemeral_dh_key_size=1024 from 
> ambari.properties
> - restarted ambari
> - checked that DH key size was 2048 (default) using openssl s_client -connect 
> `hostname -f`:8441 -cipher "EDH"
> 
> existing tests: pending
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Reply via email to