Requirement to Enable Insecure Protocols
HPE Ezmeral Data Fabric
disables insecure protocols by default. For example, TLSv1 and SSLv3 are disabled by default
due to their associated security risks. In the event that your client environment or crypto
libraries cannot be upgraded, you can decide to enable insecure protocols.
NOTE
Enabling
insecure protocols is not recommended as the security of communications between the browser
and web server is put at risk.To enable insecure protocols:
- Based on your requirements, add one of the following configurations to the core-site.xml
file on each node with a service that runs a web server:
- To enable SSLv3:
<property> <name>hadoop.ssl.exclude.insecure.protocols</name> <value>SSLV3</value> </property>
- To enable
TLSv1:
<property> <name>hadoop.ssl.exclude.insecure.protocols</name> <value>TLSV1</value> </property>
- To enable all insecure protocols that HPE Ezmeral Data Fabric disables by
default:
<property> <name>hadoop.ssl.exclude.insecure.protocols</name> <value></value> </property
The core-site.xml is in the following location:
/opt/mapr/hadoop/hadoop-2.x.x/etc/hadoop/
- To enable SSLv3:
- Restart services associated with web servers.Examples:
- To restart the Control System webserver:
maprcli node services -webserver restart -nodes <webserver nodes>
- To restart the ResourceManager
service(s):
maprcli node services -name resourcemanager -action restart -nodes <space delimited list of resourcemanager nodes>
- To restart the Control System webserver: