Grant Henke has posted comments on this change. ( http://gerrit.cloudera.org:8080/17189 )
Change subject: KUDU-2871 support TLSv1.3 in Kudu RPC (C++ part) ...................................................................... Patch Set 8: (2 comments) http://gerrit.cloudera.org:8080/#/c/17189/8/src/kudu/security/security_flags.cc File src/kudu/security/security_flags.cc: http://gerrit.cloudera.org:8080/#/c/17189/8/src/kudu/security/security_flags.cc@29 PS8, Line 29: // TODO(aserbin): refresh the list to drop RHEL6/CentOS6 ciphers and Should that patch land first before this? http://gerrit.cloudera.org:8080/#/c/17189/8/src/kudu/server/server_base.cc File src/kudu/server/server_base.cc: http://gerrit.cloudera.org:8080/#/c/17189/8/src/kudu/server/server_base.cc@167 PS8, Line 167: DEFINE_string(rpc_tls_1_3_ciphers, A flag tied to a version of a dependency feels like a future compatibility/usability challenge to me. Will this flag also be used for 1.4 or later? Is there a way that the `rpc_tls_ciphers` can be updated/reused in a compatible way? Perhaps filtering out incompatible cyphers or changing the default value based on the availability of OpenSSL v1.1.1 at compile time. -- To view, visit http://gerrit.cloudera.org:8080/17189 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia92a4d102c3c8cff76101e71ff71d24a9d78b672 Gerrit-Change-Number: 17189 Gerrit-PatchSet: 8 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Mon, 05 Apr 2021 14:34:32 +0000 Gerrit-HasComments: Yes
