spark git commit: [SPARK-7756] [CORE] Use testing cipher suites common to Oracle and IBM security providers
Repository: spark
Updated Branches:
refs/heads/branch-1.4 509a7cafc -> 459c3d22e
[SPARK-7756] [CORE] Use testing cipher suites common to Oracle and IBM security
providers
Add alias names for supported cipher suites to the sample SSL configuration.
The IBM JSSE provider reports its cipher suite with an SSL_ prefix, but accepts
TLS_ prefixed suite names as an alias. However, Jetty filters the requested
ciphers based on the provider's reported supported suites, so the TLS_ versions
are never passed through to JSSE causing an SSL handshake failure.
Author: Tim Ellison
Closes #6282 from tellison/SSLFailure and squashes the following commits:
8de8a3e [Tim Ellison] Update SecurityManagerSuite with new expected suite names
96158b2 [Tim Ellison] Update the sample configs to use ciphers that are common
to both the Oracle and IBM security providers.
705421b [Tim Ellison] Merge branch 'master' of github.com:tellison/spark into
SSLFailure
68b9425 [Tim Ellison] Merge branch 'master' of https://github.com/apache/spark
into SSLFailure
b0c35f6 [Tim Ellison] [CORE] Add aliases used for cipher suites in IBM provider
(cherry picked from commit bf46580708e41a1d48ac091adbca8d82a4008699)
Signed-off-by: Sean Owen
Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/459c3d22
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/459c3d22
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/459c3d22
Branch: refs/heads/branch-1.4
Commit: 459c3d22e0b520f0db21d471e29bdc6c4ec0029a
Parents: 509a7ca
Author: Tim Ellison
Authored: Fri May 29 05:14:43 2015 -0400
Committer: Sean Owen
Committed: Fri May 29 05:15:00 2015 -0400
--
core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala | 4 ++--
core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/spark/blob/459c3d22/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
--
diff --git a/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
b/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
index 308b9ea..1a099da 100644
--- a/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
+++ b/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
@@ -34,7 +34,7 @@ object SSLSampleConfigs {
conf.set("spark.ssl.trustStore", trustStorePath)
conf.set("spark.ssl.trustStorePassword", "password")
conf.set("spark.ssl.enabledAlgorithms",
- "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA")
+ "SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA")
conf.set("spark.ssl.protocol", "TLSv1")
conf
}
@@ -48,7 +48,7 @@ object SSLSampleConfigs {
conf.set("spark.ssl.trustStore", trustStorePath)
conf.set("spark.ssl.trustStorePassword", "password")
conf.set("spark.ssl.enabledAlgorithms",
- "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA")
+ "SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA")
conf.set("spark.ssl.protocol", "TLSv1")
conf
}
http://git-wip-us.apache.org/repos/asf/spark/blob/459c3d22/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
--
diff --git a/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
b/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
index 62cb764..61571be 100644
--- a/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
+++ b/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
@@ -147,7 +147,7 @@ class SecurityManagerSuite extends FunSuite {
assert(securityManager.fileServerSSLOptions.keyPassword ===
Some("password"))
assert(securityManager.fileServerSSLOptions.protocol === Some("TLSv1"))
assert(securityManager.fileServerSSLOptions.enabledAlgorithms ===
-Set("TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
+Set("SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
assert(securityManager.akkaSSLOptions.trustStore.isDefined === true)
assert(securityManager.akkaSSLOptions.trustStore.get.getName ===
"truststore")
@@ -158,7 +158,7 @@ class SecurityManagerSuite extends FunSuite {
assert(securityManager.akkaSSLOptions.keyPassword === Some("password"))
assert(securityManager.akkaSSLOptions.protocol === Some("TLSv1"))
assert(securityManager.akkaSSLOptions.enabledAlgorithms ===
-Set("TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
+Set("SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
}
test("ssl off setup") {
-
To unsubscribe, e-mail: commits-unsubscr.
spark git commit: [SPARK-7756] [CORE] Use testing cipher suites common to Oracle and IBM security providers
Repository: spark
Updated Branches:
refs/heads/master 23452be94 -> bf4658070
[SPARK-7756] [CORE] Use testing cipher suites common to Oracle and IBM security
providers
Add alias names for supported cipher suites to the sample SSL configuration.
The IBM JSSE provider reports its cipher suite with an SSL_ prefix, but accepts
TLS_ prefixed suite names as an alias. However, Jetty filters the requested
ciphers based on the provider's reported supported suites, so the TLS_ versions
are never passed through to JSSE causing an SSL handshake failure.
Author: Tim Ellison
Closes #6282 from tellison/SSLFailure and squashes the following commits:
8de8a3e [Tim Ellison] Update SecurityManagerSuite with new expected suite names
96158b2 [Tim Ellison] Update the sample configs to use ciphers that are common
to both the Oracle and IBM security providers.
705421b [Tim Ellison] Merge branch 'master' of github.com:tellison/spark into
SSLFailure
68b9425 [Tim Ellison] Merge branch 'master' of https://github.com/apache/spark
into SSLFailure
b0c35f6 [Tim Ellison] [CORE] Add aliases used for cipher suites in IBM provider
Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/bf465807
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/bf465807
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/bf465807
Branch: refs/heads/master
Commit: bf46580708e41a1d48ac091adbca8d82a4008699
Parents: 23452be
Author: Tim Ellison
Authored: Fri May 29 05:14:43 2015 -0400
Committer: Sean Owen
Committed: Fri May 29 05:14:43 2015 -0400
--
core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala | 4 ++--
core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/spark/blob/bf465807/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
--
diff --git a/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
b/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
index 308b9ea..1a099da 100644
--- a/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
+++ b/core/src/test/scala/org/apache/spark/SSLSampleConfigs.scala
@@ -34,7 +34,7 @@ object SSLSampleConfigs {
conf.set("spark.ssl.trustStore", trustStorePath)
conf.set("spark.ssl.trustStorePassword", "password")
conf.set("spark.ssl.enabledAlgorithms",
- "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA")
+ "SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA")
conf.set("spark.ssl.protocol", "TLSv1")
conf
}
@@ -48,7 +48,7 @@ object SSLSampleConfigs {
conf.set("spark.ssl.trustStore", trustStorePath)
conf.set("spark.ssl.trustStorePassword", "password")
conf.set("spark.ssl.enabledAlgorithms",
- "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA")
+ "SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA")
conf.set("spark.ssl.protocol", "TLSv1")
conf
}
http://git-wip-us.apache.org/repos/asf/spark/blob/bf465807/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
--
diff --git a/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
b/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
index 62cb764..61571be 100644
--- a/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
+++ b/core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
@@ -147,7 +147,7 @@ class SecurityManagerSuite extends FunSuite {
assert(securityManager.fileServerSSLOptions.keyPassword ===
Some("password"))
assert(securityManager.fileServerSSLOptions.protocol === Some("TLSv1"))
assert(securityManager.fileServerSSLOptions.enabledAlgorithms ===
-Set("TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
+Set("SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
assert(securityManager.akkaSSLOptions.trustStore.isDefined === true)
assert(securityManager.akkaSSLOptions.trustStore.get.getName ===
"truststore")
@@ -158,7 +158,7 @@ class SecurityManagerSuite extends FunSuite {
assert(securityManager.akkaSSLOptions.keyPassword === Some("password"))
assert(securityManager.akkaSSLOptions.protocol === Some("TLSv1"))
assert(securityManager.akkaSSLOptions.enabledAlgorithms ===
-Set("TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
+Set("SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_DES_CBC_SHA"))
}
test("ssl off setup") {
-
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org
