Disabling TLS protocols on JMX ports
TLS 1.0 and 1.1 protocols are out-of-date and contain security vulnerabilities. Cloudera Manager now only supports TLS 1.2 for Java 8. For Java 11 and higher versions, Cloudera Manager supports TLS 1.2 and TLS 1.3.
TLS 1.0 and 1.1 protocols for every JVM started by Cloudera Manager are disabled now by default. TLS 1.2 and TLS 1.3 protocols are enabled automatically when you start the Cloudera Manager.
You must disable TLS 1.3 protocol if it prevents JDK 8 on a host from running services.
Do the following steps to disable the TLS 1.3 protocol:
- SSH into the Cloudera Manager server as a root user.
Make sure that you add the
CMF_JMX_NO_TLS_1_3environment variable and set it to
“true”in the /etc/default/cloudera-scm-server configuration file as follows:
- Save the file and exit.
Run the following command to restart the Cloudera Manager server:
systemctl restart cloudera-scm-server