Enabling TLS in Cloudera Data Visualization

Cloudera Data Visualization supports both Auto-TLS and manual TLS configuration for securing communication with the Cloudera Data Visualization web server and reverse proxy. Transport Layer Security (TLS) is a cryptographic protocol that ensures secure data transmission between components.

TLS versions

  • TLS 1.2

  • TLS 1.3

TLS configuration options

Auto-TLS

When Cloudera Manager Auto-TLS is enabled in your Cloudera Base on premises environment, Cloudera Data Visualization automatically leverages the Auto-TLS certificates and keys for secure communication. No additional manual configuration is required.

Manual TLS

You can configure TLS manually by specifying certificates and keys through dedicated Cloudera Manager parameters.
  • The location of key and certificate files can be set in the Cloudera Data Visualization service configuration.

  • Password-protected private keys are supported.

Managing TLS protocols and ciphers

Administrators can control the TLS protocols and (for TLS 1.2) the ciphers used by Cloudera Data Visualization's underlying Caddy web server.

Setting: DATAVIZ_TLS_PROTOCOLS
Description: Minimum and maximum TLS versions supported. By default, Caddy supports TLS 1.2 (minimum) and TLS 1.3 (maximum).
Example: DATAVIZ_TLS_PROTOCOLS="tls1.2 tls1.2" (forces TLS 1.2 only)

Setting: DATAVIZ_TLS_CIPHERS
Description: List of allowed cipher names for TLS 1.2 connections. Note: TLS 1.3 ciphers cannot be configured.
Example: DATAVIZ_TLS_CIPHERS="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" (a space-separated list of cipher names as recognized by the Go standard library)

This configuration enables compliance with organizational or regulatory requirements for TLS versions and cipher strength.

For more information on TLS protocols and ciphers, see the Caddy documentation.
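
The following Go program is an added example, not part of the Cloudera documentation or product code. It checks candidate DATAVIZ_TLS_PROTOCOLS and DATAVIZ_TLS_CIPHERS values against the Go standard library's cipher list before they are saved. It assumes DATAVIZ_TLS_PROTOCOLS always carries a minimum and a maximum token, and the function names CheckProtocols and ClassifyCiphers are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// CheckProtocols validates DATAVIZ_TLS_PROTOCOLS. Assumption: the value is
// "<min> <max>", as in the page's example "tls1.2 tls1.2".
func CheckProtocols(value string) error {
	ver := map[string]uint16{"tls1.2": tls.VersionTLS12, "tls1.3": tls.VersionTLS13}
	f := strings.Fields(value)
	if len(f) != 2 || ver[f[0]] == 0 || ver[f[1]] == 0 {
		return fmt.Errorf("want two tokens from tls1.2/tls1.3, got %q", value)
	}
	if ver[f[0]] > ver[f[1]] {
		return fmt.Errorf("minimum %s is newer than maximum %s", f[0], f[1])
	}
	return nil
}

// ClassifyCiphers labels each DATAVIZ_TLS_CIPHERS name: "ok", "insecure" (listed in
// Go's InsecureCipherSuites), "tls1.3" (not configurable), or "unknown" to Go.
func ClassifyCiphers(value string) map[string]string {
	out := map[string]string{}
	for _, name := range strings.Fields(value) {
		out[name] = "unknown"
		for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
			if cs.Name != name {
				continue
			}
			out[name] = "tls1.3" // stays so unless the suite is usable with TLS 1.2
			for _, v := range cs.SupportedVersions {
				if v == tls.VersionTLS12 {
					out[name] = "ok"
				}
			}
			if cs.Insecure {
				out[name] = "insecure"
			}
		}
	}
	return out
}

func main() { // demo input: the example values shown on this page
	fmt.Println(CheckProtocols("tls1.2 tls1.2"), ClassifyCiphers("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"))
}
```

A name labelled "unknown" is typically an OpenSSL-style spelling (for example ECDHE-RSA-AES256-GCM-SHA384) rather than the Go name the setting expects.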

Limitations

  • Custom cipher management is supported only for TLS 1.2. TLS 1.3 cipher configuration is not supported.

  • At least one supported TLS protocol must be enabled for Cloudera Data Visualization startup to succeed.