[jira] [Commented] (THRIFT-4434) Update .NET Core components, add tests for .Net Core library and .Net Core compiler, fix bugs and build process

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/THRIFT-4434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16324235#comment-16324235
 ] 

ASF GitHub Bot commented on THRIFT-4434:
----------------------------------------

Github user jeking3 commented on the issue:

    https://github.com/apache/thrift/pull/1449
  
    The log is there:
    ```
    
===============================================================================
    *** Following 1 failures were unexpected ***:
    If it is introduced by you, please fix it before submitting the code.
    
===============================================================================
    server-client:          protocol:         transport:               result:
    csharp-tls              binary            buffered-ip-ssl          
failure(3)
    
===============================================================================
    ```
    
    There is a security feature test in test/features called tls and it 
verifies that the server accepts a TLS connection.  It verifies that a TLSv1.0, 
TLSv1.1, or TLSv1.2 client can connect successfully.  If this is failing then 
something changed in the code that restricted the TLS to one level.
    
    We currently use SSLv23 handshake and disable the use of SSLv2 and SSLv3, 
so that the client can connect at TLSv1.0 or higher.
    
    There's a story in the backlog to move all languages by default up to 
TLSv1.2 to improve security.
    
    https://issues.apache.org/jira/browse/THRIFT-3165
    
    Implementing that across the board would be verified by modifying tls.sh in 
test/features so that TLSv1.0 and TLSv1.1 was NOT expected to allow a 
connection by default.
    
    What I have found is that if you specify a handshake at TLSv10, then ONLY 
TLSv1.0 is allowed to connect.   It doesn't allow TLSv1.1 or TLSv1.2 to 
connect. If you specify a SSLv23 handshake, but disable SSLv2 and SSLv3 
negotiation, then any client can connect and they can only negotiate at TLSv1.0 
or later, which is the current behavior we have.


> Update .NET Core components, add tests for .Net Core library and .Net Core 
> compiler, fix bugs and build process
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-4434
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4434
>             Project: Thrift
>          Issue Type: Improvement
>          Components: .NETCore - Compiler, .NETCore - Library, Build Process
>         Environment: Windows, Linux, MacOS
>            Reporter: Volodymyr Gotra
>            Assignee: Volodymyr Gotra
>            Priority: Critical
>
> This pull request should:
> - highly improve the current version of .Net Core library and .Net Core 
> compiler and quality of code
> - improve and simplify build process
> - improve documentation related to .Net Core library and compiler
> - fix found bugs (some of bugs can be clarified like major - they are related 
> to porting of protocols from Java version and can be present in C# library)
> - add important unit tests for .Net Core library and .Net Core compiler
> - add possibility to easy add unit tests for compiler for other languages



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)