Hello Wenzhe Zhou, Michael Smith, Impala Public Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/18654
to look at the new patch set (#2).
Change subject: IMPALA-11240: Change default ssl_cipher_list to eliminate
insecure ciphers
......................................................................
IMPALA-11240: Change default ssl_cipher_list to eliminate insecure ciphers
The current default value for ssl_cipher_list is empty, which
allows any cipher supported by the operating system's OpenSSL
version. On several operating systems, this includes several
known weak ciphers, such as those based on RC4.
This changes the default to match what is used by Kudu,
which is based on Mozilla's intermediate compatability
level:
https://wiki.mozilla.org/Security/Server_Side_TLS
Users can get the old behavior by setting the ssl_cipher_list="".
Tests:
- Ran core tests
Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76
---
M be/src/service/impala-server.cc
1 file changed, 6 insertions(+), 4 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/54/18654/2
--
To view, visit http://gerrit.cloudera.org:8080/18654
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76
Gerrit-Change-Number: 18654
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Michael Smith <[email protected]>
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
