Akira Ajisaka created HADOOP-16000: -------------------------------------- Summary: Remove TLSv1 and SSLv2Hello from the default value of hadoop.ssl.enabled.protocols Key: HADOOP-16000 URL: https://issues.apache.org/jira/browse/HADOOP-16000 Project: Hadoop Common Issue Type: Improvement Components: security Reporter: Akira Ajisaka
{code:title=core-default.xml} public static final String SSL_ENABLED_PROTOCOLS_DEFAULT = "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2"; {code} TLSv1 and SSLv2Hello are considered to be vulnerable. Let's remove these by default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org