hbase

History

Mate Szalay-Beko 1542b50b00 HBASE-25993 Make excluded SSL cipher suites configurable for all Web UIs (#3375 ) When starting a jetty http server, one can explicitly exclude certain (unsecure) SSL cipher suites. This can be especially important, when the HBase cluster needs to be compliant with security regulations (e.g. FIPS). Currently it is possible to set the excluded ciphers for the ThriftServer ("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer ("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for the regular InfoServer started by e.g. the master or region servers. In this commit I want to introduce a new configuration "ssl.server.exclude.cipher.list" to configure the excluded cipher suites for the http server started by the InfoServer. This parameter has the same name and will work in the same way, as it was already implemented in hadoop (e.g. for hdfs/yarn). See: HADOOP-12668, HADOOP-14341 Co-authored-by: Mate Szalay-Beko <symat@apache.com> Signed-off-by: Peter Somogyi <psomogyi@apache.org>	2021-06-10 16:48:51 +02:00
..
src	HBASE-25993 Make excluded SSL cipher suites configurable for all Web UIs (#3375 )	2021-06-10 16:48:51 +02:00
pom.xml	HBASE-25770 Http InfoServers should honor gzip encoding when requested (#3159 )	2021-04-15 13:46:53 -07:00

Mate Szalay-Beko 1542b50b00 HBASE-25993 Make excluded SSL cipher suites configurable for all Web UIs (#3375 )

When starting a jetty http server, one can explicitly exclude certain (unsecure)
SSL cipher suites. This can be especially important, when the HBase cluster
needs to be compliant with security regulations (e.g. FIPS).

Currently it is possible to set the excluded ciphers for the ThriftServer
("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer
("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for the
regular InfoServer started by e.g. the master or region servers.

In this commit I want to introduce a new configuration
"ssl.server.exclude.cipher.list" to configure the excluded cipher suites for the
http server started by the InfoServer. This parameter has the same name and will
work in the same way, as it was already implemented in hadoop (e.g. for hdfs/yarn).
See: HADOOP-12668, HADOOP-14341

Co-authored-by: Mate Szalay-Beko <symat@apache.com>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>

2021-06-10 16:48:51 +02:00

src

HBASE-25993 Make excluded SSL cipher suites configurable for all Web UIs (#3375 )

2021-06-10 16:48:51 +02:00

pom.xml

HBASE-25770 Http InfoServers should honor gzip encoding when requested (#3159 )

2021-04-15 13:46:53 -07:00