Member since
03-19-2015
1
Post
0
Kudos Received
0
Solutions
03-19-2015
05:52 AM
We need to disable the TLSv1 cipher to meet a mandated organization security policy.
We've done this by editing the java.security file in the JDK 1.7 JRE's file and disabling other ciphers, RC4 and ECDHE (SSLv3 already disabled)
# Example:
jdk.tls.disabledAlgorithms=SSLv3, RC4, TLSv1, ECDHE
However when we disabled TLSv1 as well the whole stack wasn’t working and getting messages like this (I know it’s a warning)
2015-03-14 13:36:37,389 WARN 257524672@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported 2015-03-14 13:36:37,395 WARN 732163666@scm-web-453:org.mortbay.log: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported 2015-03-14 13:36:37,408 WARN 732163666@scm-web-453:org.mortbay.log: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
We've had to re-enable TLSv1 and every thing was working
# Example:
jdk.tls.disabledAlgorithms=SSLv3, RC4, ECDHE
Questions:
1. Can the cloudera platform function with TLSv1 disabled?
2. If it can, what is the recommended way to disable it?
... View more
Labels:
- Labels:
-
Cloudera Manager