HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
This commit is contained in:
parent
5d1889a66d
commit
a365a3941c
|
@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED
|
|||
HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs
|
||||
(Wei-Chiu Chuang via iwasakims)
|
||||
|
||||
HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
|
||||
|
||||
BUG FIXES
|
||||
|
||||
HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing
|
||||
|
|
|
@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator {
|
|||
|
||||
public static final String SSL_ENABLED_PROTOCOLS =
|
||||
"hadoop.ssl.enabled.protocols";
|
||||
public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1";
|
||||
public static final String DEFAULT_SSL_ENABLED_PROTOCOLS =
|
||||
"TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";
|
||||
|
||||
private Configuration conf;
|
||||
private Mode mode;
|
||||
|
|
|
@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does.
|
|||
|
||||
<property>
|
||||
<name>hadoop.ssl.enabled.protocols</name>
|
||||
<value>TLSv1</value>
|
||||
<value>TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2</value>
|
||||
<description>
|
||||
Protocols supported by the ssl.
|
||||
The supported SSL protocols.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
|
|||
| `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
|
||||
| `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
|
||||
| `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
|
||||
| `hadoop.ssl.enabled.protocols` | `TLSv1` | The supported SSL protocols (JDK6 can use **TLSv1**, JDK7+ can use **TLSv1,TLSv1.1,TLSv1.2**) |
|
||||
| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
|
||||
|
||||
**IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.
|
||||
|
||||
|
|
Loading…
Reference in New Issue