RANGER-3153: Updated TLS version to 1.2 for ranger
spolavarpau1 committed Jan 28, 2021
1 parent 47cfd46 commit 5df5124
Showing 5 changed files with 9 additions and 9 deletions.
@@ -77,7 +77,7 @@ public class EmbeddedServer {
private static final String KMS_SERVER_NAME = "rangerkms";
public static final String RANGER_KEYSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType();
public static final String RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType();
public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();

@@ -151,7 +151,7 @@ public void start() {
ssl.setSecure(true);
ssl.setScheme("https");
ssl.setAttribute("SSLEnabled", "true");
ssl.setAttribute("sslProtocol", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.protocol", "TLS"));
ssl.setAttribute("sslProtocol", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.protocol", "TLSv1.2"));
ssl.setAttribute("keystoreType", EmbeddedServerUtil.getConfig("ranger.keystore.file.type", RANGER_KEYSTORE_FILE_TYPE_DEFAULT));
ssl.setAttribute("truststoreType", EmbeddedServerUtil.getConfig("ranger.truststore.file.type", RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT));
String clientAuth = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.clientAuth", "false");
@@ -172,7 +172,7 @@ public void start() {
ssl.setAttribute("keystorePass", keystorePass);
ssl.setAttribute("keystoreFile", getKeystoreFile());

String defaultEnabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
String defaultEnabledProtocols = "TLSv1.2";
String enabledProtocols = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.enabled.protocols", defaultEnabledProtocols);
ssl.setAttribute("sslEnabledProtocols", enabledProtocols);
String ciphers = EmbeddedServerUtil.getConfig("ranger.tomcat.ciphers");
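Review bot: The `"TLSv1.2"` defaults in start() apply only when `ranger.service.https.attrib.ssl.protocol` and `ranger.service.https.attrib.ssl.enabled.protocols` are unset, so an install whose site file still carries the old `SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2` value may keep offering TLS 1.0/1.1 after the upgrade. The configured list is handed to `sslEnabledProtocols` unchecked; logging a warning when it names anything older than TLSv1.2 would make that visible, and a comment such as `// default only; a configured value overrides this and is not validated` above `defaultEnabledProtocols` would document it. The same holds for the `ranger.usersync.https.ssl.enabled.protocols` default in UnixAuthenticationService.init(). The single-value default also means TLS 1.3 is not offered on a JVM that supports it, which may deserve a follow-up. start() begins and ends outside these hunks.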
@@ -288,7 +288,7 @@

<property>
<name>ranger.service.https.attrib.ssl.protocol</name>
<value>TLS</value>
<value>TLSv1.2</value>
</property>

<property>
@@ -592,7 +592,7 @@
</property>
<property>
<name>ranger.service.https.attrib.ssl.enabled.protocols</name>
<value>SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2</value>
<value>TLSv1.2</value>
</property>
<!-- Encryption -->
<property>
@@ -104,7 +104,7 @@ public CustomSSLSocketFactory() {
}
}

sslContext = SSLContext.getInstance("TLS");
sslContext = SSLContext.getInstance("TLSv1.2");

sslContext.init(kmList, tmList, new SecureRandom());
sockFactory = sslContext.getSocketFactory();
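Review bot: `SSLContext.getInstance("TLSv1.2")` does not by itself restrict the sockets from `sockFactory` to TLS 1.2: per the JSSE documentation a context requested under that name supports TLSv1.2 and may still enable earlier versions, subject to the JVM's `jdk.tls.disabledAlgorithms` setting. If the intent is to refuse TLS 1.0/1.1 on this client path, the protocol list has to be set on each socket the factory creates, e.g. `socket.setEnabledProtocols(new String[] {"TLSv1.2"});`. The name also caps negotiation at 1.2 on JVMs that support TLS 1.3. `SSL_ALGORITHM` in UnixAuthenticationService and `RANGER_SSL_CONTEXT_ALGO_TYPE` in EmbeddedServer look like the same pattern, though where they are used is outside the visible hunks. The constructor body continues outside this hunk.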
2 changes: 1 addition & 1 deletion unixauthservice/conf.dist/ranger-ugsync-default.xml
@@ -27,7 +27,7 @@
</property>
<property>
<name>ranger.usersync.https.ssl.enabled.protocols</name>
<value>SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2</value>
<value>TLSv1.2</value>
</property>
<property>
<name>ranger.usersync.passwordvalidator.path</name>
@@ -58,7 +58,7 @@ public class UnixAuthenticationService {

private static final String serviceName = "UnixAuthenticationService";

private static final String SSL_ALGORITHM = "TLS";
private static final String SSL_ALGORITHM = "TLSv1.2";
private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "ranger.usersync.port";

private static final String SSL_KEYSTORE_PATH_PARAM = "ranger.usersync.keystore.file";
@@ -237,7 +237,7 @@ private void init() throws Throwable {
String SSLEnabledProp = prop.getProperty(SSL_ENABLED_PARAM);

SSLEnabled = (SSLEnabledProp != null && (SSLEnabledProp.equalsIgnoreCase("true")));
String defaultEnabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
String defaultEnabledProtocols = "TLSv1.2";
String enabledProtocols = prop.getProperty("ranger.usersync.https.ssl.enabled.protocols", defaultEnabledProtocols);
enabledProtocolsList=new ArrayList<String>(Arrays.asList(enabledProtocols.toUpperCase().trim().split("\\s*,\\s*")));
// LOG.info("Key:" + keyStorePath);
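Review bot: The default in init() is upper-cased before it is split, so `enabledProtocolsList` ends up holding `TLSV1.2` instead of the JSSE name `TLSv1.2`. How the list is matched against the socket's protocols is outside this hunk; it is worth confirming that the comparison is case-insensitive, because with a one-entry default a mismatch would leave no protocol selected, where the old four-entry default at least had several candidates. A short comment above the split, e.g. `// names are upper-cased here; the matching code must compare case-insensitively`, would record the assumption. init() continues outside the hunk.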
