Joe McDonnell has uploaded this change for review. ( http://gerrit.cloudera.org:8080/18654
Change subject: IMPALA-11240: Change default ssl_cipher_list to eliminate insecure ciphers ...................................................................... IMPALA-11240: Change default ssl_cipher_list to eliminate insecure ciphers The current default value for ssl_cipher_list is empty, which allows any cipher supported by the operating system's OpenSSL version. On several operating systems, this includes several known weak ciphers, such as those based on RC4. This changes the default to match what is used by Kudu, which is based on Mozilla's intermediate compatability level: https://wiki.mozilla.org/Security/Server_Side_TLS Users can get the old behavior by setting the ssl_cipher_list="". Tests: - Ran core tests Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76 --- M be/src/service/impala-server.cc 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/54/18654/1 -- To view, visit http://gerrit.cloudera.org:8080/18654 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76 Gerrit-Change-Number: 18654 Gerrit-PatchSet: 1 Gerrit-Owner: Joe McDonnell <[email protected]>
