Henry Robinson has uploaded a new change for review. http://gerrit.cloudera.org:8080/7675
Change subject: IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2 ...................................................................... IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2 The shell uses Thrift's TSSLSocket to negotiate secure connections to Impala. This socket uses a variable SSL_VERSION to determine which SSL and TLS protocol versions it will connect to. SSL_VERSION was hardcoded to be PROTOCOL_TLSv1, which only supports TLSv1 servers and no other protocol version. Change the allowed version to be PROTOCOL_SSLv23, which supports any TLS or SSL protocol. We rely on the server not to allow SSLv2 or v3 connections. Testing: Added a new custom cluster test to confirm that the shell can connect to a TLSv1.2 cluster. Change-Id: I5487f82d110676b9c3c7a5305931da00c7f68ca0 --- M shell/TSSLSocketWithWildcardSAN.py M tests/custom_cluster/test_client_ssl.py M tests/util/thrift_util.py 3 files changed, 25 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/75/7675/1 -- To view, visit http://gerrit.cloudera.org:8080/7675 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5487f82d110676b9c3c7a5305931da00c7f68ca0 Gerrit-PatchSet: 1 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Henry Robinson <[email protected]>
