Todd Lipcon has posted comments on this change.

Change subject: [security] add --rpc_tls_ciphers flag
......................................................................

Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/6055/3/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

PS3, Line 50: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
> Perhaps. In practice I don't think this cipher will ever be negotiated, si

hrm, I think it would raise questions if we were picking ciphers outside of the recommended list, but how could reordering them cause a difference in security length? I'm just suggesting ordering them in terms of performance, since apparently Mozilla has deemed them all secure enough. A 4-5x perf difference also raises eyebrows, and even though no one supports openssl 1.1 now, it's only a matter of time. (I also think some users end up backporting and running new openssl on old distros in order to grab some new optimizations)

--
To view, visit http://gerrit.cloudera.org:8080/6055
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
