Ying Zhang created HDFS-15824:
---------------------------------

             Summary: Update to enable TLS >=1.2 as default secure protocols 
                 Key: HDFS-15824
                 URL: https://issues.apache.org/jira/browse/HDFS-15824
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: contrib/hdfsproxy
            Reporter: Ying Zhang


In file 
src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java, line 
125, the SSL protocol is used in the statement:

SSLContext sc = SSLContext.getInstance("SSL");

*Impact:* 

An SSL DDoS attack targets the SSL handshake protocol either by sending 
worthless data to the SSL server which will result in connection issues for 
legitimate users or by abusing the SSL handshake protocol itself.

*Suggestions:*

Upgrade the implementation to “TLS”, and configure the https.protocols JVM 
option to include TLSv1.2:

*Useful links:*

[https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https]

[https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection]

*Please share with us your opinions/comments if there are any:*

Is the bug report helpful?



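An added example, not part of the original report and not Hadoop code: it shows the suggested change from "SSL" to "TLS" and additionally pins the enabled protocol versions to TLSv1.2 and later on the connection object. The class name TlsFloorExample and the helper restrict() are hypothetical, and the context is initialised with the JVM's default key and trust managers as an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical class for illustration; not taken from ProxyUtil.java.
public class TlsFloorExample {
    // Protocol versions we are willing to negotiate, strongest first.
    static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Returns SSLParameters limited to the allowed versions this JVM supports. */
    static SSLParameters restrict(SSLContext ctx) {
        List<String> supported =
                Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> enabled = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) enabled.add(p);
        }
        if (enabled.isEmpty()) {
            // Fail closed instead of falling back to an older protocol.
            throw new IllegalStateException("JVM offers no TLS >= 1.2: " + supported);
        }
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setProtocols(enabled.toArray(new String[0]));
        return params;
    }

    public static void main(String[] args) throws Exception {
        // "TLS" replaces the "SSL" algorithm name quoted in the report.
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Assumption: null arguments select default key managers,
        // trust managers and SecureRandom.
        ctx.init(null, null, null);

        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("default enabled: "
                + Arrays.toString(engine.getEnabledProtocols()));

        // The context name alone does not set a version floor; pin it explicitly.
        engine.setSSLParameters(restrict(ctx));
        System.out.println("after pinning:   "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Comparing the two printed lines on the target JVM shows whether its defaults still enable anything below TLSv1.2; the same SSLParameters can be applied to an SSLSocket or SSLServerSocket.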