John Russell has posted comments on this change. ( http://gerrit.cloudera.org:8080/8401 )
Change subject: IMPALA-5473: [DOCS] Document TLS min version & cipher options

Patch Set 2:

(2 comments)

I'll punt to Sailesh for the answer to one of Henry's questions.

http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml
File docs/topics/impala_ssl.xml:

http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml@171
PS2, Line 171: This value is used in some organizations to disallow TLS 1.0 and 1.1.
> This seems redundant, as that's what "Allow any TLS version of 1.2 higher."

Hmm, I was trying to come up with a subtle way to indicate, "consider using this value if your organization is security-conscious". I'm not an expert on TLS/SSL vulns but I did turn up this one that suggests some problems are in both 1.0 and 1.1 but not 1.2.

https://nakedsecurity.sophos.com/2013/02/07/boffins-crack-https-encryptionin-lucky-thirteen-attack/

http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml@177
PS2, Line 177: TLSv1.2 may not work
> How does it 'not work' - does the daemon fail to start, or does the daemon

Good question for Sailesh!

--
To view, visit http://gerrit.cloudera.org:8080/8401

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia1705262f8c01e38c616541d1c48f5d0cad5498e
Gerrit-Change-Number: 8401
Gerrit-PatchSet: 2
Gerrit-Owner: John Russell <jruss...@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: John Russell <jruss...@cloudera.com>
Gerrit-Reviewer: Michael Brown <mi...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com>
Gerrit-Reviewer: Tim Armstrong <tarmstr...@cloudera.com>
Gerrit-Comment-Date: Fri, 27 Oct 2017 23:04:43 +0000
Gerrit-HasComments: Yes