[jira] [Commented] (IMPALA-14312) ssl_minimum_version Validator Failing on Empty Value

Mon, 18 Aug 2025 08:54:05 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-14312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18014663#comment-18014663
 ] 

ASF subversion and git services commented on IMPALA-14312:
----------------------------------------------------------

Commit 0cd240a1cbd25ef097f392cbc02a70ad0b5f11d6 in impala's branch 
refs/heads/master from jasonmfehr
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=0cd240a1c ]

IMPALA-14312: Fix Issues with ssl_minimum_version Flag Validator

The validator for the ssl_minimum_version flag has several issues
that are fixed.

Allows flag to be empty as long as both internal and external TLS is
not configured.

Fixes allowed value for TLS v1 to be tlsv1 instead of the incorrect
value tlsv1.0.

Removes "tlsv1.3" as an allowed value since Thrift does not support
that value as the minimum TLS version.

Testing accomplished by new ctests and manual testing.

Change-Id: I6493852b581e26c203b6b46b97be76100bcc534b
Reviewed-on: http://gerrit.cloudera.org:8080/23300
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Jason Fehr <[email protected]>


> ssl_minimum_version Validator Failing on Empty Value
> ----------------------------------------------------
>
>                 Key: IMPALA-14312
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14312
>             Project: IMPALA
>          Issue Type: Bug
>    Affects Versions: Impala 5.0.0
>            Reporter: Jason Fehr
>            Assignee: Jason Fehr
>            Priority: Critical
>             Fix For: Impala 5.0.0
>
>
> The validator for ssl_minimum_version added 
> [here|https://gerrit.cloudera.org/c/22924/99/be/src/service/impala-server.cc#260]
>  has a couple issues.
> 1. The value can be empty as long as TLS is not configured.  The validator is 
> failing whenever this value is empty no matter if TLS is enabled/disabled.
> 2. The value "tlsv1.0" is not valid based on 
> [this|https://github.com/apache/impala/blob/8053a68f3940e1c5c2533d0e263fb039ed91277b/be/src/rpc/thrift-server.cc#L74-L77],
>   
> [this|https://github.com/apache/impala/blob/8053a68f3940e1c5c2533d0e263fb039ed91277b/be/src/kudu/security/tls_context.cc#L119-L122],
>  and 
> [this|https://github.com/apache/impala/blob/8053a68f3940e1c5c2533d0e263fb039ed91277b/be/src/util/webserver-test.cc#L403].
> 3. The value "tlsv1.3" is not supported by Thrift.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to