HTTPS Excluded Ciphers

Lists the weak ciphers that are excluded from the data-fabric HTTPS implementation.

By default, the following weak TLS/SSL ciphers are excluded from the data-fabric HTTPS implementation:

  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

You can modify this list of excluded ciphers by editing the hadoop.ssl.exclude.cipher.suites property in the core-site.xml file. Restart the web servers that use the HTTPS protocol after changing the list of excluded ciphers. The following web servers use HTTPS:

  • Control System
  • NodeManager
  • ResourceManager
  • HistoryServer
  • CLDB
  • HBase