----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57955/#review170174 -----------------------------------------------------------
Are there any unit tests to update or add for this? ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java Lines 296 (patched) <https://reviews.apache.org/r/57955/#comment242955> If the user sets `security.server.tls.ephemeral_dh_key_size` incorrectly, say "abc" as opposed to "1024", the value of `configs.getTlsEphemeralDhKeySize()` will be 0 (per the docs for `NumberUtils.toInt(String)`). In this case, do we want to blindly set `dk.tls.ephemeralDHKeySize` to be 0? I would hope that something would fail down the line, but if not, do we want to protect against this and defer to the default value? - Robert Levas On March 27, 2017, 9:42 a.m., Attila Magyar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57955/ > ----------------------------------------------------------- > > (Updated March 27, 2017, 9:42 a.m.) > > > Review request for Ambari, Attila Doroszlai, Balázs Bence Sári, Laszlo > Puskas, Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-20583 > https://issues.apache.org/jira/browse/AMBARI-20583 > > > Repository: ambari > > > Description > ------- > > This can already be done by manually editing the ambari-env.sh file > (/var/lib/ambari-server/ambari-env.sh) and adding the following to the > AMBARI_JVM_ARGS environment variable: > -Djdk.tls.ephemeralDHKeySize=2048 > > To help users set this value, Ambari should provide a property in the > ambari.properties file. If a supported JVM is in use, Ambari should > internally set the System property (before creating the embedded web server) > as specified by the user. A possible Ambari property name could be > security.server.tls.ephemeral_dh_key_size. If not set, it's default value > should be 2048. > > > Diffs > ----- > > ambari-server/docs/configuration/index.md 90865b6 > > ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java > 79c5d12 > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > 1f1689a > > > Diff: https://reviews.apache.org/r/57955/diff/2/ > > > Testing > ------- > > manually: > 1. > - set security.server.tls.ephemeral_dh_key_size=1024 to ambari.properties > - restarted ambari > - checked that DH key size was 1024 using openssl s_client -connect `hostname > -f`:8441 -cipher "EDH" > 2. > - deleted security.server.tls.ephemeral_dh_key_size=1024 from > ambari.properties > - restarted ambari > - checked that DH key size was 2048 (default) using openssl s_client -connect > `hostname -f`:8441 -cipher "EDH" > > > Existing tests: > Results : > Tests run: 4957, Failures: 0, Errors: 0, Skipped: 39 > ---------------------------------------------------------------------- > Ran 272 tests in 6.878s > > OK > ---------------------------------------------------------------------- > Total run:1192 > Total errors:0 > Total failures:0 > > Ran 466 tests in 17.251s > > > Thanks, > > Attila Magyar > >
