hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijay Singh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12668) Modify HDFS embeded jetty server logic in HttpServer2.java to exclude weak Ciphers through ssl-server.conf
Date Wed, 13 Jan 2016 17:17:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096593#comment-15096593
] 

Vijay Singh commented on HADOOP-12668:
--------------------------------------

Please note that between patch 5 and patch 6 . I only added changes to ssl-server.xml.example
file which is not utilized for any test execution and the set of test that failed were mutually
exclusive leading me to strongly believe that these failures are intermittent failures rather
than caused by code itself. 
Additionally, the code does not alter or touch any of the functionality for failed test cases.
I suggest the code changes be reviewed and feedback be provided. I will appreciate feedback
if any and will work on resolving them if there are any issues in the contributed patch. Looking
forward to suggestions if any.

> Modify HDFS embeded jetty server logic in HttpServer2.java to exclude weak Ciphers through
ssl-server.conf
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12668
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12668
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.7.1
>            Reporter: Vijay Singh
>            Assignee: Vijay Singh
>            Priority: Critical
>              Labels: common, ha, hadoop, hdfs, security
>         Attachments: Hadoop-12668.006.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Currently Embeded jetty Server used across all hadoop services is configured through
ssl-server.xml file from their respective configuration section. However, the SSL/TLS protocol
being used for this jetty servers can be downgraded to weak cipher suites. This code changes
aims to add following functionality:
> 1) Add logic in hadoop common (HttpServer2.java and associated interfaces) to spawn jetty
servers with ability to exclude weak cipher suites. I propose we make this though ssl-server.xml
and hence each service can choose to disable specific ciphers.
> 2) Modify DFSUtil.java used by HDFS code to supply new parameter ssl.server.exclude.cipher.list
for hadoop-common code, so it can exclude the ciphers supplied through this key.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message