[
https://issues.apache.org/jira/browse/IMPALA-11195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755245#comment-17755245
]
Michael Smith commented on IMPALA-11195:
----------------------------------------
For some reason this is causing webserver-test to fail with OpenSSL 1.0.2 (i.e.
CentOS 7.9):
{code}
[ RUN ] Webserver.SslTest
/data/jenkins/workspace/impala-asf-master-core/repos/Impala/be/src/util/webserver-test.cc:311:
Failure
Value of: response.find( "Strict-Transport-Security: max-age=31536000;
includeSubDomains") != string::npos
Actual: false
Expected: true
[ FAILED ] Webserver.SslTest (115 ms)
{code}
> Disable SSL session renegotiation
> ---------------------------------
>
> Key: IMPALA-11195
> URL: https://issues.apache.org/jira/browse/IMPALA-11195
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Zoltán Borók-Nagy
> Assignee: Zoltán Borók-Nagy
> Priority: Major
> Fix For: Impala 4.3.0
>
>
> SSL renegotiations has had a couple of CVEs in the past. We should figure out
> how to disable it.
> Kudu disabled SSL renegotations in KUDU-1926, so we can do something similar.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
