[
https://issues.apache.org/jira/browse/IMPALA-11195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17513089#comment-17513089
]
ASF subversion and git services commented on IMPALA-11195:
----------------------------------------------------------
Commit ff21728838acd79d451959149f9adb8fdbf2798d in impala's branch
refs/heads/master from Zoltan Borok-Nagy
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=ff21728 ]
IMPALA-11195 (part 2): Disable SSL session renegotiations in the Thrift server
SSL renegotiation has had a couple of CVEs in the past. This patch
disables TLS ciphers renegotiation for TLSv1.2 and prior protocol
versions in the Impala Thirft server. Renegotiation is not possible in
a TLSv1.3 connection.
This patch disables renegotiations by using a patched version of Thrift.
Change-Id: I497ccf6fcfb397fc961c3422a34128894604d1e4
Reviewed-on: http://gerrit.cloudera.org:8080/18351
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> Disable SSL session renegotiation
> ---------------------------------
>
> Key: IMPALA-11195
> URL: https://issues.apache.org/jira/browse/IMPALA-11195
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Zoltán Borók-Nagy
> Assignee: Zoltán Borók-Nagy
> Priority: Major
>
> SSL renegotiations has had a couple of CVEs in the past. We should figure out
> how to disable it.
> Kudu disabled SSL renegotations in KUDU-1926, so we can do something similar.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
