Henry Robinson has uploaded a new change for review. http://gerrit.cloudera.org:8080/7606
Change subject: IMPALA-5743: Support TLS version configuration for Thrift servers ...................................................................... IMPALA-5743: Support TLS version configuration for Thrift servers * Add --ssl_minimum_version which controls the minimum SSL/TLS version that clients and servers will use when negotiating a secure connection. * Two kinds of version specification are allowed: 'TLSv1.1' enables TLSv1.1 and all subsequent verisons. 'TLSv1.1_only' enables only TLSv1.1. The latter is not exposed in user-facing text as it is typically only used for testing. * Handle case where platform may not support TLSv1.1 or v1.2 by checking OpenSSL version number. * Bump Thrift toolchain version to -p10. Testing: * New tests in thrift-server-test.cc. In particular, test all 36 configurations of client and server protocol versions, and ensure that the expected successes or failures are seen. Change-Id: I4c68a6c9658ddbfbe8025f2021fd5ed7a9dec5a5 --- M be/src/rpc/thrift-client.cc M be/src/rpc/thrift-client.h M be/src/rpc/thrift-server-test.cc M be/src/rpc/thrift-server.cc M be/src/rpc/thrift-server.h M be/src/service/impala-server.cc M bin/impala-config.sh 7 files changed, 176 insertions(+), 28 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/06/7606/1 -- To view, visit http://gerrit.cloudera.org:8080/7606 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4c68a6c9658ddbfbe8025f2021fd5ed7a9dec5a5 Gerrit-PatchSet: 1 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Henry Robinson <he...@cloudera.com>