[jira] [Commented] (HDFS-3993) The KSSL class should not limit the ssl ciphers
[ https://issues.apache.org/jira/browse/HDFS-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467719#comment-13467719 ] Daryn Sharp commented on HDFS-3993: --- I seem to recall there's a java 6 bug that prevents using of non-DES algorithms (something about padding in the header). We've had to remove AES from krb5.conf files due to this issue, so are you sure this works with java 6? > The KSSL class should not limit the ssl ciphers > --- > > Key: HDFS-3993 > URL: https://issues.apache.org/jira/browse/HDFS-3993 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Owen O'Malley >Assignee: Owen O'Malley > Attachments: hdfs-3993.patch > > > The KSSL class' static block currently limits the ssl ciphers to a single > value. It should use a much more permissive list. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3993) The KSSL class should not limit the ssl ciphers
[ https://issues.apache.org/jira/browse/HDFS-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467453#comment-13467453 ] Owen O'Malley commented on HDFS-3993: - I should also comment that it is effecting both client and server, so if you replaced it, you'd need to do it with a SSLSocketFactory that was always used in both contexts. > The KSSL class should not limit the ssl ciphers > --- > > Key: HDFS-3993 > URL: https://issues.apache.org/jira/browse/HDFS-3993 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Owen O'Malley >Assignee: Owen O'Malley > Attachments: hdfs-3993.patch > > > The KSSL class' static block currently limits the ssl ciphers to a single > value. It should use a much more permissive list. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3993) The KSSL class should not limit the ssl ciphers
[ https://issues.apache.org/jira/browse/HDFS-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467451#comment-13467451 ] Owen O'Malley commented on HDFS-3993: - Todd, It is possible, but it would substantially re-work this chunk of code that we are killing after 1.x, so I don't see the value. Setting the system property is a global action and using kssl is a deprecated option that was added for compatibility. > The KSSL class should not limit the ssl ciphers > --- > > Key: HDFS-3993 > URL: https://issues.apache.org/jira/browse/HDFS-3993 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Owen O'Malley >Assignee: Owen O'Malley > Attachments: hdfs-3993.patch > > > The KSSL class' static block currently limits the ssl ciphers to a single > value. It should use a much more permissive list. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3993) The KSSL class should not limit the ssl ciphers
[ https://issues.apache.org/jira/browse/HDFS-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467328#comment-13467328 ] Todd Lipcon commented on HDFS-3993: --- Is it possible to do this non-statically to avoid the problem altogether? eg when we make a connection which we expect to be SSL-authorized, use a connection Configurator which sets up the correct cipher suites? Not an expert in this area, but it seems preferable to the static side effects. > The KSSL class should not limit the ssl ciphers > --- > > Key: HDFS-3993 > URL: https://issues.apache.org/jira/browse/HDFS-3993 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Owen O'Malley >Assignee: Owen O'Malley > Attachments: hdfs-3993.patch > > > The KSSL class' static block currently limits the ssl ciphers to a single > value. It should use a much more permissive list. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3993) The KSSL class should not limit the ssl ciphers
[ https://issues.apache.org/jira/browse/HDFS-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467275#comment-13467275 ] Devaraj Das commented on HDFS-3993: --- One nit, could you please add some documentation around where you got the list of ciphers from. Other than that, looks good. > The KSSL class should not limit the ssl ciphers > --- > > Key: HDFS-3993 > URL: https://issues.apache.org/jira/browse/HDFS-3993 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Owen O'Malley >Assignee: Owen O'Malley > Attachments: hdfs-3993.patch > > > The KSSL class' static block currently limits the ssl ciphers to a single > value. It should use a much more permissive list. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira