Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/18654 )
Change subject: IMPALA-11240: Change default ssl_cipher_list to eliminate insecure ciphers ...................................................................... IMPALA-11240: Change default ssl_cipher_list to eliminate insecure ciphers The current default value for ssl_cipher_list is empty, which allows any cipher supported by the operating system's OpenSSL version. On several operating systems, this includes several known weak ciphers, such as those based on RC4. This changes the default to match what is used by Kudu, which is based on Mozilla's intermediate compatability level: https://wiki.mozilla.org/Security/Server_Side_TLS Users can get the old behavior by setting the ssl_cipher_list="". Tests: - Ran core tests Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76 Reviewed-on: http://gerrit.cloudera.org:8080/18654 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/service/impala-server.cc 1 file changed, 6 insertions(+), 4 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/18654 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I69fbfdbca3640b50d90e943f4d5c63fbc9cb1e76 Gerrit-Change-Number: 18654 Gerrit-PatchSet: 4 Gerrit-Owner: Joe McDonnell <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
