
HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)

Robert Kanter 9 سال پیش
والد
کامیت
a365a3941c

+ 2 - 0
hadoop-common-project/hadoop-common/CHANGES.txt

@@ -691,6 +691,8 @@ Release 2.9.0 - UNRELEASED
     HADOOP-12710. Remove dependency on commons-httpclient for TestHttpServerLogs
     (Wei-Chiu Chuang via iwasakims)
 
+    HADOOP-12817. Enable TLS v1.1 and 1.2 (rkanter)
+
   BUG FIXES
 
     HADOOP-12605. Fix intermittent failure of TestIPC.testIpcWithReaderQueuing

+ 2 - 1
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java

@@ -69,7 +69,8 @@ public class SSLFactory implements ConnectionConfigurator {
 
   public static final String SSL_ENABLED_PROTOCOLS =
       "hadoop.ssl.enabled.protocols";
-  public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1";
+  public static final String DEFAULT_SSL_ENABLED_PROTOCOLS =
+      "TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2";
 
   private Configuration conf;
   private Mode mode;
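Review bot: The new `DEFAULT_SSL_ENABLED_PROTOCOLS` value has no comment explaining why `SSLv2Hello` and `TLSv1` sit in a default whose stated purpose is enabling TLS 1.1 and 1.2, so a later reader cannot tell a compatibility choice from an oversight. In JSSE, `SSLv2Hello` is a pseudo-protocol that only permits an SSLv2-format ClientHello and does not negotiate SSLv2 itself, while keeping `TLSv1` means a peer can still negotiate TLS 1.0; presumably both are there for older clients. I would add above the constant `// SSLv2Hello only permits the SSLv2-format hello used by legacy clients (SSLv2 itself stays off); TLSv1 is kept for compatibility. Set hadoop.ssl.enabled.protocols to TLSv1.2 where all peers support it.` The same literal is repeated in core-default.xml and EncryptedShuffle.md in this commit, and the `<description>` there could say that the value is a comma-separated list operators may narrow. The class body continues outside the hunk.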

+ 2 - 2
hadoop-common-project/hadoop-common/src/main/resources/core-default.xml

@@ -1644,9 +1644,9 @@ for ldap providers in the same way as above does.
 
 <property>
   <name>hadoop.ssl.enabled.protocols</name>
-  <value>TLSv1</value>
+  <value>TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2</value>
   <description>
-    Protocols supported by the ssl.
+    The supported SSL protocols.
   </description>
 </property>
 

+ 1 - 1
hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md

@@ -44,7 +44,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
 | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
 | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
 | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
-| `hadoop.ssl.enabled.protocols` | `TLSv1` | The supported SSL protocols (JDK6 can use **TLSv1**, JDK7+ can use **TLSv1,TLSv1.1,TLSv1.2**) |
+| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
 
 **IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.