Not able to disable TLSv1, TLSv1.1 on Apache Yarn

I have been requested to disable TLSv1 and TLSv1.1 from our Yarn service.
Some background: we run an HDP cluster version
After scraping the web for the specific configuration I need to disable the algorithms, the only solution I found is to configure "jdk.tls.disabledAlgorithms".
I have set it both in "" file and in the jvm arguments themselves (via yarn-env setting in Ambari).


jdk.tls.disabledAlgorithms=TLSv1, SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, SSL, SSLv2, TLSv1.1


When I check the running process I see the following jvm arguments (due to the setting in yarn-env):


/usr/jdk64/jdk1.8.0_112/bin/java -Dproc_resourcemanager -Xmx1024m -Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Dzookeeper.sasl.clientconfig=Client -Dhdp.version= -Djdk.tls.disabledAlgorithms=TLSv1,TLSv1.1 -Dhadoop...


But, when I check the supported TLS versions on the resource manager port (8190 in my case), TLSv1 and TLSv1.1 are still supported.
Any help, ideas, and suggestions on how to correctly configure the TLS version support would be appreciated.
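
The two settings described in the question can be audited offline. This is an added example, not part of the original post: it relies on the JDK reading jdk.tls.disabledAlgorithms as a security property (from java.security or a file named by -Djava.security.properties) rather than as a -D system property. The function names and the second sample are constructed for illustration, and the command line is shortened from the one quoted above.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"

def parse_security_props(text):
    """Parse java.security-style text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(cmdline, security_text, required=("TLSv1", "TLSv1.1")):
    """Return (protocols not disabled by the file, notes about JVM flags)."""
    notes = []
    flags = dict(re.findall(r"(?:^|\s)-D([\w.]+)=(\S*)", cmdline))
    if PROP in flags:
        notes.append("-D%s is a system property; the JDK reads this name "
                     "as a security property, so the flag has no effect" % PROP)
    if "java.security.properties" in flags:
        notes.append("override file %s is loaded as well; audit it too"
                     % flags["java.security.properties"])
    value = parse_security_props(security_text).get(PROP, "")
    disabled = {item.strip() for item in value.split(",")}
    return [p for p in required if p not in disabled], notes

# java.security entry and (shortened) process arguments as quoted in the post.
POST_FILE = """jdk.tls.disabledAlgorithms=TLSv1, SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, SSL, SSLv2, TLSv1.1
"""
POST_CMDLINE = ("/usr/jdk64/jdk1.8.0_112/bin/java -Dproc_resourcemanager -Xmx1024m "
                "-Dhdp.version= -Djdk.tls.disabledAlgorithms=TLSv1,TLSv1.1")
# Constructed counter-example: a file entry that stops before TLSv1.1.
CONSTRUCTED_FILE = "# constructed sample\njdk.tls.disabledAlgorithms=SSLv3, RC4, \\\n    TLSv1\n"

if __name__ == "__main__":
    for name, text in (("post", POST_FILE), ("constructed", CONSTRUCTED_FILE)):
        missing, notes = audit(POST_CMDLINE, text)
        print(name, "still enabled by file:", missing or "none")
        for note in notes:
            print("  note:", note)
```

The audit only covers the text it is given, so it has to be run against the java.security file of the JDK that actually launches the ResourceManager process.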