Todd Lipcon has submitted this change and it was merged.

Change subject: [security] add --rpc_tls_ciphers flag
......................................................................


[security] add --rpc_tls_ciphers flag

This new flag allows for precise control over the TLS cipher suite
preference list to use for RPC connections on the server and kudu CLI
tool. This is a relatively common security configuration option on
systems which include TLS encryption.

I also took this opportunity to change our default cipher suite list to
match the Mozilla "modern compatibility" recommendation[1], plus some
cipher suites necessary to remain compatible with RHEL 6.5. This
revealed that we are not properly supporting ECDHE ciphers, so I enabled
those as well.

[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
Reviewed-on: http://gerrit.cloudera.org:8080/6055
Reviewed-by: Alexey Serbin <[email protected]>
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <[email protected]>
---
M src/kudu/security/tls_context.cc
1 file changed, 43 insertions(+), 1 deletion(-)

Approvals:
  Todd Lipcon: Looks good to me, approved
  Alexey Serbin: Looks good to me, approved
  Kudu Jenkins: Verified



-- 
To view, visit http://gerrit.cloudera.org:8080/6055

Gerrit-MessageType: merged
Gerrit-Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
Gerrit-PatchSet: 9
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
