Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17268 )
Change subject: [security] set minimum TLS protocol version to TSLv1.2 ...................................................................... Patch Set 3: (1 comment) http://gerrit.cloudera.org:8080/#/c/17268/3//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/17268/3//COMMIT_MSG@31 PS3, Line 31: * AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) : * AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA) > I see, thank you for the explanation! In general then, other than the misma Yes, keeping the client with the lowest TLS version is an option if we want to keep that compatibility, and that would not affect negotiating TLS connections with servers capable talking TLSv1.2 and TLSv1.3. The question is: why do we want to have that compatibility and complicate the code even if we know (1) RHEL/CentOS 6 is no longer supported since Kudu 1.14 (2) the performance for such connections with servers running RHEL/CentOS 6 is poor anyways? -- To view, visit http://gerrit.cloudera.org:8080/17268 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I07633a04d3828100f148e5de3905094198d13396 Gerrit-Change-Number: 17268 Gerrit-PatchSet: 3 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Greg Solovyev <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Fri, 23 Apr 2021 07:30:29 +0000 Gerrit-HasComments: Yes
