Details
-
Type: Bug
-
Status: Resolved
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 4.8.0
-
Fix Version/s: 4.9.0
-
Component/s: app.querybrowser
-
Labels:None
-
Backward Incompatible:Backward Incompatible
Description
PROBLEM STATEMENT
Hive query failed after enforcing the TLS1.2.
From the Hue log, we can see there's error during TLS negotiation with Hive server.
The reproduction steps are simple:
modify the java.security file ($JAVA_HOME/jre/lib/security/java.security) to enforce TLS1.2 and then restart hive
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, 3DES_EDE_CBC, TLSv1, TLSv1.1
In Hue set cipher list as below and restart hue
[desktop] ssl_cipher_list=DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:!SSLv3:!TLSv1
then the query browser wont work and the error is :
'NoneType' object has no attribute 'settimeout'
The Stacktrace
[22/Oct/2020 06:32:46 -0700] TSocket INFO Could not connect to ('<IP-ADDRESS>', 21050) Traceback (most recent call last): File "/opt/cloudera/parcels/CDH-7.1.3-1.cdh7.1.3.p0.4992530/lib/hue/build/env/lib/python2.7/site-packages/thrift-0.13.0-py2.7-linux-x86_64.egg/thrift/transport/TSocket.py", line 113, in open handle.connect(sockaddr) File "/usr/lib64/python2.7/ssl.py", line 867, in connect self._real_connect(addr, False) File "/usr/lib64/python2.7/ssl.py", line 858, in _real_connect self.do_handshake() File "/usr/lib64/python2.7/ssl.py", line 831, in do_handshake self._sslobj.do_handshake() SSLEOFError: EOF occurred in violation of protocol (_ssl.c:618) [22/Oct/2020 06:32:46 -0700] TSocket ERROR Could not connect to any of [('172.27.173.0', 21050)] [22/Oct/2020 06:32:46 -0700] thrift_util INFO Thrift saw exception: 'NoneType' object has no attribute 'settimeout'