Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Selectively disabling SSL protocol versions

To disable specific SSL protocol versions, use the following steps:

  1. Run openssl ciphers -v (or the corresponding command if not using openssl) to view all protocol versions.

  2. In addition to 1, an additional step of going over the HiveServer2 logs may be required to see all the protocols that the node running HiveServer2 is supporting. For that, search for "SSL Server Socket Enabled Protocols:" in the HiveServer2 log file.

  3. Add all the SSL protocols that need to be disabled to hive.ssl.protocol.blacklist. Ensure that the property in hiveserver2-site.xml does not override that in hive-site.xml.