Disabling TLS protocols on JMX ports

TLS 1.0 and 1.1 protocols are out-of-date and contain security vulnerabilities. Cloudera Manager now only supports TLS 1.2 for Java 8. For Java 11 and higher versions, Cloudera Manager supports TLS 1.2 and TLS 1.3.

TLS 1.0 and 1.1 protocols for every JVM started by Cloudera Manager are disabled now by default. TLS 1.2 and TLS 1.3 protocols are enabled automatically when you start the Cloudera Manager.

You must disable TLS 1.3 protocol if it prevents JDK 8 on a host from running services.

Do the following steps to disable the TLS 1.3 protocol:

  1. SSH into the Cloudera Manager server as a root user.
  2. Make sure that you add the CMF_JMX_NO_TLS_1_3 environment variable and set it to “true” in the /etc/default/cloudera-scm-server configuration file as follows:
    1. Add export CMF_JMX_NO_TLS_1_3="true".
    2. Save the file and exit.
  3. Run the following command to restart the Cloudera Manager server:
    systemctl restart cloudera-scm-server