diff --git a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
index 44dfe6afcdd..7ac74bb244a 100644
--- a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
@@ -40,6 +40,10 @@
 #
 # export KMS_MAX_THREADS=1000
 
+# The maximum size of Tomcat HTTP header
+#
+# export KMS_MAX_HTTP_HEADER_SIZE=65536
+
 # The location of the SSL keystore if using SSL
 #
 # export KMS_SSL_KEYSTORE_FILE=${HOME}/.keystore
diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
index 3ac929a2fc2..7c07b9a819b 100644
--- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
@@ -143,6 +143,13 @@ else
   print "Using   KMS_MAX_THREADS:     ${KMS_MAX_THREADS}"
 fi
 
+if [ "${KMS_MAX_HTTP_HEADER_SIZE}" = "" ]; then
+  export KMS_MAX_HTTP_HEADER_SIZE=65536
+  print "Setting KMS_MAX_HTTP_HEADER_SIZE:     ${KMS_MAX_HTTP_HEADER_SIZE}"
+else
+  print "Using   KMS_MAX_HTTP_HEADER_SIZE:     ${KMS_MAX_HTTP_HEADER_SIZE}"
+fi
+
 if [ "${KMS_SSL_KEYSTORE_FILE}" = "" ]; then
   export KMS_SSL_KEYSTORE_FILE=${HOME}/.keystore
   print "Setting KMS_SSL_KEYSTORE_FILE:     ${KMS_SSL_KEYSTORE_FILE}"
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index f6ef6a5d0cc..209303060df 100644
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -57,6 +57,7 @@ catalina_opts="${catalina_opts} -Dkms.temp.dir=${KMS_TEMP}";
 catalina_opts="${catalina_opts} -Dkms.admin.port=${KMS_ADMIN_PORT}";
 catalina_opts="${catalina_opts} -Dkms.http.port=${KMS_HTTP_PORT}";
 catalina_opts="${catalina_opts} -Dkms.max.threads=${KMS_MAX_THREADS}";
+catalina_opts="${catalina_opts} -Dkms.max.http.header.size=${KMS_MAX_HTTP_HEADER_SIZE}";
 catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}";
 catalina_opts="${catalina_opts} -Djava.library.path=${JAVA_LIBRARY_PATH}";
 
diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml b/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml
index 516a6a9d0ca..d8fd161205b 100644
--- a/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml
+++ b/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml
@@ -75,7 +75,8 @@
     <Connector port="${kms.http.port}" protocol="HTTP/1.1"
                maxThreads="${kms.max.threads}"
                connectionTimeout="20000"
-               redirectPort="8443"/>
+               redirectPort="8443"
+               maxHttpHeaderSize="${kms.max.http.header.size}"/>
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
index 05b53e06da8..01b429c7aed 100644
--- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
+++ b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
@@ -70,6 +70,7 @@
          described in the APR documentation -->
     <Connector port="${kms.http.port}" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
+               maxHttpHeaderSize="${kms.max.http.header.size}"
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
                truststorePass="_kms_ssl_truststore_pass_"
                keystoreFile="${kms.ssl.keystore.file}"
diff --git a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
index 44b5bfb3122..417d720ee7d 100644
--- a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
+++ b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
@@ -120,6 +120,7 @@ The following environment variables (which can be set in KMS's `etc/hadoop/kms-e
 * KMS_HTTP_PORT
 * KMS_ADMIN_PORT
 * KMS_MAX_THREADS
+* KMS_MAX_HTTP_HEADER_SIZE
 * KMS_LOGNOTE: You need to restart the KMS for the configuration changes to take effect.
 
 $H3 Loading native libraries