Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17189 )

Change subject: KUDU-2871 support TLSv1.3 in Kudu RPC (C++ part)
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17189/5/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

http://gerrit.cloudera.org:8080/#/c/17189/5/src/kudu/security/tls_context.cc@259
PS5, Line 259: #if OPENSSL_VERSION_NUMBER >= 0x10101000L
             :   // Set TLSv1.3 ciphers.
             :   OPENSSL_RET_NOT_OK(
             :       SSL_CTX_set_ciphersuites(ctx, tls_1_3_ciphers_.c_str()),
             :       Substitute("failed to set TLSv1.3 ciphers: $0", tls_1_3_ciphers_));
             : #endif
> I have one drive-by comment that I just noticed:
Thank you for the feedback!

I added a blurb about this into the code.

I also verified that in the case of OpenSSL 1.1.1i and OpenSSL 1.1.1j, regardless of 
the sequence of those calls, the TLS context reports an error.  E.g., kudu-master 
isn't starting if setting --rpc_tls_ciphers="" --rpc_tls_1_3_ciphers="", with 
the following error in both cases:

E0329 11:10:11.678535 150270 master_main.cc:40] Runtime error: RunMasterServer() failed: failed to set TLS ciphers: : error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2564




Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia92a4d102c3c8cff76101e71ff71d24a9d78b672
Gerrit-Change-Number: 17189
Gerrit-PatchSet: 5
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Mon, 29 Mar 2021 19:42:11 +0000
Gerrit-HasComments: Yes
