Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

how to disable SSLv3 in Hue ?

avatar
Guru

Hello,

due to security constraints I have to disable SSLv3 for all the Web-UIs available in the stack.

For Ambari/Ranger/Knox this isn't a problem at all, but I have no clue how to disable SSLv3 in Hue (used version is 2.6.1-2, yes, pretty old 😉 ).

Any hint highly appreciated.

Thanks, Gerd

1 ACCEPTED SOLUTION

avatar
Guru
3 REPLIES 3

avatar

It appears Hue uses Django for the web server, which can either run with its own embedded server (recommended for dev/test only) and using Apache httpd (recommended for production). To disable SSLv2/v3 in Apache, you should use the following config line in each VirtualHost block in the httpd.conf or ssl.conf files:

SSLProtocol all -SSLv2 -SSLv3

avatar
Guru

Hi @Andy LoPresto, many thanks for your reply.

Since we are not using apache-httpd for that, I applied the one-line-patch for disabling SSLv3 from the embedded webserver (see my answer). ...and on the long run I want to switch to AmbariViews anyways 😉

avatar
Guru