[
https://issues.apache.org/jira/browse/IMPALA-11195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755346#comment-17755346
]
ASF subversion and git services commented on IMPALA-11195:
----------------------------------------------------------
Commit 4a5057d2714b8030676bae3a2da73fd844df7b58 in impala's branch
refs/heads/master from Michael Smith
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=4a5057d27 ]
IMPALA-11195: (Addendum) use actual SSL context
Uses the SSL context rather than sq_context for
SSL_CTX_set_info_callback. The prior code compiled successfully with a
warning I missed, and caused webserver-test to fail SslTest.
Change-Id: I7325ecc78b481354a46d77659edbd876593d934b
Reviewed-on: http://gerrit.cloudera.org:8080/20373
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Michael Smith <[email protected]>
> Disable SSL session renegotiation
> ---------------------------------
>
> Key: IMPALA-11195
> URL: https://issues.apache.org/jira/browse/IMPALA-11195
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Zoltán Borók-Nagy
> Assignee: Zoltán Borók-Nagy
> Priority: Major
> Fix For: Impala 4.3.0
>
>
> SSL renegotiations has had a couple of CVEs in the past. We should figure out
> how to disable it.
> Kudu disabled SSL renegotations in KUDU-1926, so we can do something similar.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
