[
https://issues.apache.org/jira/browse/IMPALA-7519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626452#comment-16626452
]
ASF subversion and git services commented on IMPALA-7519:
---------------------------------------------------------
Commit cf7f221d2fe89681d0fb357ce47204d0366e3dfe in impala's branch
refs/heads/master from [~twmarshall]
[ https://git-wip-us.apache.org/repos/asf?p=impala.git;h=cf7f221 ]
IMPALA-7519: Support elliptic curve ssl ciphers
Thrift's SSLSocketFactory class does not support setting ciphers that
use ecdh. This patch modifies our existing subclass of
SSLSocketFactory to override the ciphers() method and enable ECDH.
The code for this was taken from be/src/kudu/security/tls_context.cc
Testing:
- Added a custom cluster test that verifies that a cluster with only
ECDH ciphers enabled works.
Change-Id: I1666ceabec51b425e8a82be1cf519e2ac35fa5a6
Reviewed-on: http://gerrit.cloudera.org:8080/11376
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> Support elliptic curve ssl ciphers
> ----------------------------------
>
> Key: IMPALA-7519
> URL: https://issues.apache.org/jira/browse/IMPALA-7519
> Project: IMPALA
> Issue Type: Improvement
> Components: Backend, Clients
> Affects Versions: Impala 3.1.0
> Reporter: Thomas Tauber-Marshall
> Assignee: Thomas Tauber-Marshall
> Priority: Major
> Labels: security
>
> Thrift's SSLSocketFactory class does not support setting ciphers that use
> ecdh. We already override this class for others reasons, it would be
> straightforward to add the necessary openssl calls to enable this.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
