HTTPS Excluded Ciphers
Lists the weak ciphers that are excluded from the data-fabric HTTPS implementation.
By default, the following weak TLS/SSL ciphers are excluded from the data-fabric HTTPS implementation:
-
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
-
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
-
SSL_RSA_EXPORT_WITH_RC4_40_MD5
You can modify this list of excluded ciphers by editing the
hadoop.ssl.exclude.cipher.suites
property in the
core-site.xml
file. Restart the web servers that use the
HTTPS protocol after changing the list of excluded ciphers. The following web
servers use HTTPS:
- Control System
- NodeManager
- ResourceManager
- HistoryServer
- CLDB
- HBase