Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/18900
Change subject: [security] update list of preferred TLS ciphers ...................................................................... [security] update list of preferred TLS ciphers After revising the list of preferred TLS ciphers for Kudu in [1], it turned out that some FIPS 140-2 environments using custom JSSE providers (e.g., particular versions of BouncyCastle and CaseLogic) lack AES-GCM ciphers, so Kudu Java client applications could not establish a TLS connection to Kudu servers since the AES-CBC ciphers were intentionally removed from the list due to their inferior performance compared with AES-GCM counterparts. This patch addresses the issue, appending AES-CCM and AES-CBC ciphers to the list of preferred ones. The CBC counterparts of the AES-GCM ciphers are known to be much less performant on modern x86_64 CPUs, but at least there should be a shared cipher to establish a connection using TLSv1.2 protocol in such environments. This is a follow-up to [1]. [1] https://github.com/apache/kudu/commit/a8fb42dc34e8f1f876db5b26fc3f5eb3196ce854 Change-Id: I2f8e251acd34fc4ede367b030cd16841527042bc --- M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java M src/kudu/security/security_flags.cc 2 files changed, 17 insertions(+), 2 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/18900/1 -- To view, visit http://gerrit.cloudera.org:8080/18900 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I2f8e251acd34fc4ede367b030cd16841527042bc Gerrit-Change-Number: 18900 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]>
