HADOOP-16549. Remove Unsupported SSL/TLS Versions from Docs/Properties. Contributed by Daisuke Kobayashi.

Daisuke Kobayashi · jojochuang · commit bc2d3a71d6e0 · 2019-09-10T10:51:47.000+08:00
Signed-off-by: Wei-Chiu Chuang &lt;weichiu@apache.org&gt;
Reviewed-by: Akira Ajisaka &lt;aajisaka@apache.org&gt;
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -72,7 +72,7 @@ public enum Mode { CLIENT, SERVER }
   public static final String SSL_ENABLED_PROTOCOLS_KEY =
       "hadoop.ssl.enabled.protocols";
   public static final String SSL_ENABLED_PROTOCOLS_DEFAULT =
-      "TLSv1.1,TLSv1.2";
+      "TLSv1.2";
 
   public static final String SSL_SERVER_NEED_CLIENT_AUTH =
       "ssl.server.need.client.auth";
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -2703,9 +2703,9 @@
 
 <property>
   <name>hadoop.ssl.enabled.protocols</name>
-  <value>TLSv1.1,TLSv1.2</value>
+  <value>TLSv1.2</value>
   <description>
-    The supported SSL protocols. The parameter will only used from
+    The supported SSL protocols. The parameter will only be used from
     DatanodeHttpServer.
   </description>
 </property>
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/site/markdown/EncryptedShuffle.md
@@ -46,7 +46,7 @@ To enable encrypted shuffle, set the following properties in core-site.xml of al
 | `hadoop.ssl.keystores.factory.class` | `org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory` | The KeyStoresFactory implementation to use |
 | `hadoop.ssl.server.conf` | `ssl-server.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
 | `hadoop.ssl.client.conf` | `ssl-client.xml` | Resource file from which ssl server keystore information will be extracted. This file is looked up in the classpath, typically it should be in Hadoop conf/ directory |
-| `hadoop.ssl.enabled.protocols` | `TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2` | The supported SSL protocols |
+| `hadoop.ssl.enabled.protocols` | `TLSv1.2` | The supported SSL protocols. The parameter will only be used from DatanodeHttpServer. |
 
 **IMPORTANT:** Currently requiring client certificates should be set to false. Refer the [Client Certificates](#Client_Certificates) section for details.
 
