04-20-2018 02:22 PM - last edited on 04-21-2018 05:45 AM by cjervis
We have performed pentesting on our Cloudera Manager and Hue web applications, and our pentesting findings listed "Insufficient Transport Layer Protection - Weak Cipher" vulnerabilities; our source/testing platform is WebInspect. These vulnerabilities are critically high and need to be remediated at our earliest. We were able to fix the weak cipher issues with Cloudera Manager by disabling TLS1.1 (we are using TLS1.2) and modifying the java.security file, but we are not able to remediate the Hue web application issues with these changes. We came to know that using Django we can disable TLS1.1 on the Hue server and remediate all weak ciphers on the Hue web application.
I have disabled TLS1.1 and performed connectivity tests using openssl. The workaround was working fine with Cloudera Manager, but I could not remediate the Hue web application with the same workaround. I noticed that Cloudera fixed JIRA HUE-7155 "Hue needs to support TLSv1_1 and TLSv1_2 via Thrift connections" for the Hue 4.1 release. We are currently using Hue 3.12 and CDH 5.11.1 in our environment. We also found that there is an option to remediate weak cipher issues via Django. If any of you have experienced the same issue with Hue and have a workaround to remediate weak cipher issues using Django on the Hue web application, please share it with me at the earliest.
Any suggestions and tips would be greatly appreciated.