[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[
https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16388272#comment-16388272
]
Josh Elser commented on CALCITE-1480:
-
{quote}Probably would be good to support ciphers/algorithms since TLS support
is there now.
{quote}
Yeah, cipher/algorithm suites would be good to support as well. I guess I
forgot about those the first time around :). I've been known to file Jira
issues for myself and then file some more against myself.
Let me just re-purpose this issue into that specifically.
> TLS support for Avatica
> ---
>
> Key: CALCITE-1480
> URL: https://issues.apache.org/jira/browse/CALCITE-1480
> Project: Calcite
> Issue Type: New Feature
> Components: avatica
>Reporter: Josh Elser
>Priority: Major
>
> We should expose the support for users to configure the Avatica server to
> operate using TLS.
> Some thoughts on what would be minimally acceptable:
> * Configure one-way or two-way TLS
> * Ability to specify ciphers/algorithms to disallow (prevent the use of
> weak/known-insecure parameters)
> This should all be easily attainable through the Jetty APIs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385427#comment-16385427 ] Kevin Risden commented on CALCITE-1480: --- Looking further into this: [https://github.com/apache/calcite-avatica/blob/master/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java#L639] Looks like KeyStore support was already added with the "withTLS" builder option? At least it is a start and isn't completely unsupported as this Jira seems to think :) [~elserj] any thoughts on this? Probably would be good to support ciphers/algorithms since TLS support is there now. > TLS support for Avatica > --- > > Key: CALCITE-1480 > URL: https://issues.apache.org/jira/browse/CALCITE-1480 > Project: Calcite > Issue Type: New Feature > Components: avatica >Reporter: Josh Elser >Priority: Major > > We should expose the support for users to configure the Avatica server to > operate using TLS. > Some thoughts on what would be minimally acceptable: > * Configure one-way or two-way TLS > * Ability to specify ciphers/algorithms to disallow (prevent the use of > weak/known-insecure parameters) > This should all be easily attainable through the Jetty APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385426#comment-16385426 ] Kevin Risden commented on CALCITE-1480: --- https://issues.apache.org/jira/browse/CALCITE-1538?focusedCommentId=15783768&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15783768 Looks like CALCITE-1538 got a start on this. Might need to focus on KeyStore next since TrustStore was added. > TLS support for Avatica > --- > > Key: CALCITE-1480 > URL: https://issues.apache.org/jira/browse/CALCITE-1480 > Project: Calcite > Issue Type: New Feature > Components: avatica >Reporter: Josh Elser >Priority: Major > > We should expose the support for users to configure the Avatica server to > operate using TLS. > Some thoughts on what would be minimally acceptable: > * Configure one-way or two-way TLS > * Ability to specify ciphers/algorithms to disallow (prevent the use of > weak/known-insecure parameters) > This should all be easily attainable through the Jetty APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
