Hello Todd Lipcon, Alexey Serbin, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/6055
to look at the new patch set (#4).
Change subject: [security] add --rpc_tls_ciphers flag
......................................................................
[security] add --rpc_tls_ciphers flag
This new flag allows for precise control over the TLS cipher suite
preference list to use for RPC connections on the server and kudu CLI
tool. This is a relatively common security configuration option on
systems which include TLS encryption.
I also took this opportunity to change our default cipher suite list to
match the Mozilla "intermediate compatibility" recommendation[1]. This
revealed that we are not properly supporting ECDHE ciphers, so I enabled
those as well.
[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
---
M src/kudu/security/tls_context.cc
1 file changed, 44 insertions(+), 1 deletion(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/55/6055/4
--
To view, visit http://gerrit.cloudera.org:8080/6055
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
