HADOOP-16000. Remove TLSv1 and SSLv2Hello from the default value of hadoop.ssl.enabled.protocols

Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2018-12-12 07:28:35 +01:00 · 2018-12-12 07:28:35 +01:00 · 1ea29b7385
parent 26e55d4ceb
commit 1ea29b7385
2 changed files with 4 additions and 3 deletions
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@ -72,7 +72,7 @@ public class SSLFactory implements ConnectionConfigurator {
  public static final String SSL_ENABLED_PROTOCOLS_KEY =
      "hadoop.ssl.enabled.protocols";
  public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
-      "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";
+      "TLSv1.1,TLSv1.2";

  public static final String SSL_SERVER_NEED_CLIENT_AUTH =
      "ssl.server.need.client.auth";
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@ -2417,9 +2417,10 @@

 <property>
  <name>hadoop.ssl.enabled.protocols</name>
-  <value>TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2</value>
+  <value>TLSv1.1,TLSv1.2</value>
  <description>
-    The supported SSL protocols.
+    The supported SSL protocols. The parameter will only used from
+    DatanodeHttpServer.
  </description>
 </property>