[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207245#comment-14207245 ] Robert Kanter commented on HDFS-7391: - I put up a separate patch for branch 2.5, which has to use "protocols" instead of "sslEnabledProtocols" because it has an older version of Tomcat. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[
https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207317#comment-14207317
]
Hadoop QA commented on HDFS-7391:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12680926/HDFS-7391.patch
against trunk revision 163bb55.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-hdfs-project/hadoop-hdfs-httpfs.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/8718//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/8718//console
This message is automatically generated.
> Renable SSLv2Hello in HttpFS
>
>
> Key: HDFS-7391
> URL: https://issues.apache.org/jira/browse/HDFS-7391
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: webhdfs
>Affects Versions: 2.6.0, 2.5.2
>Reporter: Robert Kanter
>Assignee: Robert Kanter
>Priority: Blocker
> Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch
>
>
> We should re-enable "SSLv2Hello", which is required for older clients (e.g.
> Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be
> clear, it does not mean SSLv2, which is insecure.
> I couldn't simply do an addendum patch on HDFS-7274 because it's already been
> closed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208172#comment-14208172 ] Dave Thompson commented on HDFS-7391: - For clarifications you are not suggesting turning on SSLv2, which has been deprecated for 18 years, for reasons discussed in RFC6176. Rather, you are suggesting turning on the backwards compatible Client-Hello, that was introduced in 1996 for transition, for clients that didn't know if they were connecting to an SSLv2 or SSLv3 server. A bit surprised that there exists hadoop clients that find this necessary. Java 6 with openssl 0.9.8x, I believe will support up to SSLv3.1 (TLS 1.0), which I've used as a server... I can't speak to client configurability. My primary concern would be that in enabling acceptance of SSLv2 Client-Hello, that assurances/confirmation be made that a resulting SSLv2.0 session is not allowed. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208188#comment-14208188 ] Dave Thompson commented on HDFS-7391: - Looking at the patch, config change appears benign > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208349#comment-14208349 ] Robert Kanter commented on HDFS-7391: - We verified that an old OpenSSL client is able to do the SSLv2Hello handshake and then use TLSv1 (and that SSLv2 and SSLv3 are disabled). > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208818#comment-14208818 ] Arun C Murthy commented on HDFS-7391: - [~rkanter] - Is this and the addendum patch for HADOOP-11217 the only ones for SSLv2Hello? I thought there were 3? I'll commit both later today if there are no objections; others please commit to branch-2/branch-2.6/branch-2.6.0 if you get to it before me. Thanks. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208833#comment-14208833 ] Robert Kanter commented on HDFS-7391: - This is the addendum patch for HDFS-7274. I had to create a new JIRA because HDFS-7274 was already closed. (Also, the branch-2.5 version of the patch is different here because it also fixes a problem where older versions of Tomcat used a different property name). The addendum patch for HADOOP-11217 I was able to put there because it wasn't closed yet. The third JIRA was HADOOP-11243, which [~ywskycn] worked on. I'm not sure of the details, but he wasn't able to re-enable SSLv2Hello there. So, there's just HDFS-7391 and the HADOOP-11217 addendum. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208839#comment-14208839 ] Wei Yan commented on HDFS-7391: --- [~acmurthy], for HADOOP-11243, we tried different approaches (whilelist, blacklist) to add the SSLv2Hello, but not success. The shuffle server still cannot accept SSLv2Hello protocol. Given that the shuffle happens between NMs, so I think we can keep the existing solution without SSLv2Hello. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209030#comment-14209030 ] Arun C Murthy commented on HDFS-7391: - Sounds good, thanks [~rkanter] and [~ywskycn]! I'll commit both shortly for RC1. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209143#comment-14209143 ] Karthik Kambatla commented on HDFS-7391: [~acmurthy] - Missed your comment here, and committed the addendum for HADOOP-11217. Will let you commit this, thanks. > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209148#comment-14209148 ] Arun C Murthy commented on HDFS-7391: - [~kasha] you just saved me some typing chores, I'll take care of this. Thanks! > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209161#comment-14209161 ] Hudson commented on HDFS-7391: -- FAILURE: Integrated in Hadoop-trunk-Commit #6529 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/6529/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209609#comment-14209609 ] Hudson commented on HDFS-7391: -- FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #4 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/4/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209639#comment-14209639 ] Hudson commented on HDFS-7391: -- SUCCESS: Integrated in Hadoop-Yarn-trunk #742 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/742/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209779#comment-14209779 ] Hudson commented on HDFS-7391: -- FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #4 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/4/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209780#comment-14209780 ] Hudson commented on HDFS-7391: -- FAILURE: Integrated in Hadoop-Hdfs-trunk #1932 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1932/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209881#comment-14209881 ] Hudson commented on HDFS-7391: -- FAILURE: Integrated in Hadoop-Mapreduce-trunk #1956 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1956/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HDFS-7391) Renable SSLv2Hello in HttpFS
[ https://issues.apache.org/jira/browse/HDFS-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209897#comment-14209897 ] Hudson commented on HDFS-7391: -- SUCCESS: Integrated in Hadoop-Mapreduce-trunk-Java8 #4 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/4/]) HDFS-7391. Renable SSLv2Hello in HttpFS. Contributed by Robert Kanter. (acmurthy: rev 9f0319bba1788e4c579ce533b14c0deab63f28ee) * hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/tomcat/ssl-server.xml > Renable SSLv2Hello in HttpFS > > > Key: HDFS-7391 > URL: https://issues.apache.org/jira/browse/HDFS-7391 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 2.6.0, 2.5.2 >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 2.6.0 > > Attachments: HDFS-7391-branch-2.5.patch, HDFS-7391.patch > > > We should re-enable "SSLv2Hello", which is required for older clients (e.g. > Java 6 with openssl 0.9.8x) so they can't connect without it. Just to be > clear, it does not mean SSLv2, which is insecure. > I couldn't simply do an addendum patch on HDFS-7274 because it's already been > closed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
