HADOOP-16549. Remove Unsupported SSL/TLS Versions from Docs/Properties. Contributed by Daisuke Kobayashi.
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org> Reviewed-by: Akira Ajisaka <aajisaka@apache.org>
This commit is contained in:
parent
650c4cead5
commit
bc2d3a71d6
@ -72,7 +72,7 @@ public enum Mode { CLIENT, SERVER }
|
||||
public static final String SSL_ENABLED_PROTOCOLS_KEY =
|
||||
"hadoop.ssl.enabled.protocols";
|
||||
public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
|
||||
"TLSv1.1,TLSv1.2";
|
||||
"TLSv1.2";
|
||||
|
||||
public static final String SSL_SERVER_NEED_CLIENT_AUTH =
|
||||
"ssl.server.need.client.auth";
|
||||
|
@ -2703,9 +2703,9 @@
|
||||
|
||||
<property>
|
||||
<name>hadoop.ssl.enabled.protocols</name>
|
||||
<value>TLSv1.1,TLSv1.2</value>
|
||||
<value>TLSv1.2</value>
|
||||
<description>
|
||||
The supported SSL protocols. The parameter will only used from
|
||||
The supported SSL protocols. The parameter will only be used from
|
||||
DatanodeHttpServer.
|
||||
</description>
|
||||
</property>
|
||||
|
@ -46,7 +46,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
|
||||
| `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
|
||||
| `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
|
||||
| `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
|
||||
| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
|
||||
| `hadoop.ssl.enabled.protocols` | `TLSv1.2` | The supported SSL protocols. The parameter will only be used from DatanodeHttpServer. |
|
||||
|
||||
**IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user