[HADOOP-16000] Remove TLSv1 and SSLv2Hello from the default value of hadoop.ssl.enabled.protocols - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: security
Labels:
None

Target Version/s:

3.3.0
Hadoop Flags:

Incompatible change, Reviewed
Release Note:
TLSv1 and SSLv2Hello were removed from the default value of "hadoop.ssl.enabled.protocols".

Description

core-default.xml

  public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
      "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";

TLSv1 and SSLv2Hello are considered to be vulnerable. Let's remove these by default.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-16000.001.patch
12/Dec/18 06:29
2 kB
Gabor Bota
HADOOP-16000.002.patch
14/Dec/18 14:47
2 kB
Gabor Bota

Issue Links

is related to

HADOOP-15169 "hadoop.ssl.enabled.protocols" should be considered in httpserver2

Resolved

HADOOP-18140 Update default value of hadoop.ssl.enabled.protocols in the EncryptedShuffle doc

Resolved

HADOOP-16549 Remove Unsupported SSL/TLS Versions from Docs/Properties

Resolved

relates to

HADOOP-11243 SSLFactory shouldn't allow SSLv3

Closed

HADOOP-12817 Enable TLS v1.1 and 1.2

Resolved

Activity

People

Assignee:: Gabor Bota

Reporter:: Akira Ajisaka

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 12/Dec/18 05:05

Updated:: 24/Feb/22 05:58

Resolved:: 15/Dec/18 01:56