[HADOOP-14083] KMS should support old SSL clients - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.8.0, 2.7.4, 2.6.6
Fix Version/s: 2.9.0
Component/s: kms
Labels:
None

Target Version/s:

2.9.0
Hadoop Flags:

Reviewed

Description

~~HADOOP-13812~~ upgraded Tomcat to 6.0.48 which filters weak ciphers. Old SSL clients such as curl stop working. The symptom is NSS error -12286 when running curl -v.

Instead of forcing the SSL clients to upgrade, we can configure Tomcat to explicitly allow enough weak ciphers so that old SSL clients can work.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14083.branch-2.002.patch
19/Feb/17 10:15
14 kB
John Zhuge
HADOOP-14083.branch-2.001.patch
15/Feb/17 20:05
5 kB
John Zhuge

Issue Links

breaks

HADOOP-14131 kms.sh creates bogus dir for tomcat logs

Resolved

is broken by

HADOOP-13812 Upgrade Tomcat to 6.0.48

Resolved

is depended upon by

HADOOP-14242 Make KMS Tomcat SSL property sslEnabledProtocols and clientAuth configurable

Resolved

HADOOP-14141 Store KMS SSL keystore password in catalina.properties

Resolved

HADOOP-14417 Update default SSL cipher list for KMS

Resolved

is related to

HDFS-11418 HttpFS should support old SSL clients

Resolved

(1 is related to)

Activity

People

Assignee:: John Zhuge

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15/Feb/17 18:25

Updated:: 12/May/17 14:21

Resolved:: 28/Feb/17 02:18