@Harsh J    I'm getting the same kind of issue/error while running the spark Job.  "JA009    JA009: org.apache.hive.hcatalog.common.HCatException : 9001 : Exception occurred while processing HCat request : TException while getting delegation token.. Cause : org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out " We are currently using CDH Version and CManager Version (5.13.3). So can you Please suggest me whether the procedure you provided in Version 5.1.1* above can be applied for 5.13 .  Appreciate your response.   Thanks Mannan. ... View more

@bgooley    Hi   That was quite a good list of steps I could find after searching a lot for procedures on upgrading the TLS 1.1 to 1.2.   I actually applied these steps on one of our test environment on CDH 5.13 cluster on centos 6 within our organization and submitted for the vulnerability scan and the report has come up with quite a number of ports still have TLS 1.1 vulnerability.   These are the ports:   11371 -- KTS server 11381-- postgresssql database 50475 External - Datanode-- dfs.datanode.https.address 13562 Yarn //mapreduce.shuffle.port 9093--kafka 8985 -- solr_https_port 8044 --Yarn,node manager --yarn. nodemanager. webapp.https.address 20550 --hbase.rest.port 19890-- Yarn Job history server, mapreduce. jobhistory. webapp.address 11443 -- Oozie server 9095 --Hbase Thrift server 8889 -- Hue load balancer 60010 -- hbase.master. info.port (http) 7187-- Cloudera manager server (metadataserve/https web UI) 50470 -- dfs.https.address or dfs.namenode.https-address (dfs.https.addressis deprecated (but still works) 14000 -- HttpFS 8481 --Hadoop --dfs.journalnode. https-address 8090 -- yarn. resourcemanager. webapp.https.address 8044 ---yarn. nodemanager. webapp.https.address 60030 -- hbase. regionserver. info.port.   please let us know how we can overcome/resolve this issue. Looking forward for your response.   Thanks Abdul ... View more