HADOOP-11217. Disable SSLv3 in KMS. (Robert Kanter via kasha)

(cherry picked from commit 1a780823384a9c4289b8bb0b3c73e6b886d78fd0)

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -639,6 +639,8 @@ Release 2.6.0 - UNRELEASED
     HADOOP-11170. ZKDelegationTokenSecretManager fails to renewToken created by 
     a peer. (Arun Suresh and Gregory Chanan via kasha)
 
+    HADOOP-11217. Disable SSLv3 in KMS. (Robert Kanter via kasha)
+
 Release 2.5.1 - 2014-09-05
 
   INCOMPATIBLE CHANGES

hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml

@@ -70,7 +70,7 @@
          described in the APR documentation -->
     <Connector port="${kms.http.port}" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS"
+               clientAuth="false" sslEnabledProtocols="TLSv1"
                keystoreFile="${kms.ssl.keystore.file}"
                keystorePass="${kms.ssl.keystore.pass}"/>