Re: Review Request 57955: Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above

Mon, 27 Mar 2017 06:43:02 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57955/
-----------------------------------------------------------

(Updated March 27, 2017, 1:42 p.m.)


Review request for Ambari, Attila Doroszlai, Balázs Bence Sári, Laszlo Puskas, 
Robert Levas, and Sebastian Toader.


Changes
-------

regenerated index.md


Bugs: AMBARI-20583
    https://issues.apache.org/jira/browse/AMBARI-20583


Repository: ambari


Description
-------

This can already be done by manually editing the ambari-env.sh file 
(/var/lib/ambari-server/ambari-env.sh) and adding the following to the 
AMBARI_JVM_ARGS environment variable:
-Djdk.tls.ephemeralDHKeySize=2048

To help users set this value, Ambari should provide a property in the 
ambari.properties file. If a supported JVM is in use, Ambari should internally 
set the System property (before creating the embedded web server) as specified 
by the user. A possible Ambari property name could be 
security.server.tls.ephemeral_dh_key_size. If not set, it's default value 
should be 2048.


Diffs (updated)
-----

  ambari-server/docs/configuration/index.md 90865b6 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 79c5d12 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 1f1689a 


Diff: https://reviews.apache.org/r/57955/diff/2/

Changes: https://reviews.apache.org/r/57955/diff/1-2/


Testing
-------

manually:
1.
- set security.server.tls.ephemeral_dh_key_size=1024 to ambari.properties
- restarted ambari
- checked that DH key size was 1024 using openssl s_client -connect `hostname 
-f`:8441 -cipher "EDH"
2.
- deleted security.server.tls.ephemeral_dh_key_size=1024 from ambari.properties
- restarted ambari
- checked that DH key size was 2048 (default) using openssl s_client -connect 
`hostname -f`:8441 -cipher "EDH"


Existing tests:
Results :
Tests run: 4957, Failures: 0, Errors: 0, Skipped: 39
----------------------------------------------------------------------
Ran 272 tests in 6.878s

OK
----------------------------------------------------------------------
Total run:1192
Total errors:0
Total failures:0

Ran 466 tests in 17.251s


Thanks,

Attila Magyar

Reply via email to