HUE-5278 [security] Support disabling TLSv1.1 and TLSv1

Review Request #8932 - Created Nov. 14, 2016 and updated

Prakash Ranade
hue
master
HUE-5278
hue
enricoberti, jennykim, johan, krish, ranade, romain, subrata, weixia
commit 8138a063aee3eea7695fc30a8e5ea4a246584870
Author: Prakash Ranade <ranade@cloudera.com>
Date:   Mon Nov 14 11:05:30 2016 -0800

    HUE-5278 [security] Support disabling TLSv1.1 and TLSv1

:100644 100644 143b87c... f771e84... M	desktop/conf.dist/hue.ini
:100644 100644 1ed2529... 3705950... M	desktop/conf/pseudo-distributed.ini.tmpl
:100644 100644 a036b8d... a1599b0... M	desktop/core/src/desktop/conf.py
:100644 100644 c752ae1... bcf6579... M	desktop/core/src/desktop/lib/wsgiserver.py
:100644 100644 668a24e... 2419a9e... M	desktop/core/src/desktop/management/commands/runcherrypyserver.py

limited testing done. End to end testing is not done since we need working version of HUE to test out CM/PyOpensSL and this change.

  • 1
  • 0
  • 1
  • 0
  • 2
Description From Last Updated
It is advised to use TLS1.2 as default. Prakash Ranade
  1. Nice!

    On comment on the defaut value

  2. desktop/core/src/desktop/conf.py (Diff revision 1)
     
     

    Should be keep defaul to v1 or it is safe to require 1.2?

  3. 
      
  1. 
      
  2. desktop/core/src/desktop/conf.py (Diff revision 1)
     
     

    It is advised to use TLS1.2 as default.

  3. 
      
  1. Ship It!
  2. 
      
Loading...