[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16388272#comment-16388272 ] Josh Elser commented on CALCITE-1480: - {quote}Probably would be good to support ciphers/algorithms since TLS support is there now. {quote} Yeah, cipher/algorithm suites would be good to support as well. I guess I forgot about those the first time around :). I've been known to file Jira issues for myself and then file some more against myself. Let me just re-purpose this issue into that specifically. > TLS support for Avatica > --- > > Key: CALCITE-1480 > URL: https://issues.apache.org/jira/browse/CALCITE-1480 > Project: Calcite > Issue Type: New Feature > Components: avatica >Reporter: Josh Elser >Priority: Major > > We should expose the support for users to configure the Avatica server to > operate using TLS. > Some thoughts on what would be minimally acceptable: > * Configure one-way or two-way TLS > * Ability to specify ciphers/algorithms to disallow (prevent the use of > weak/known-insecure parameters) > This should all be easily attainable through the Jetty APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385427#comment-16385427 ] Kevin Risden commented on CALCITE-1480: --- Looking further into this: [https://github.com/apache/calcite-avatica/blob/master/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java#L639] Looks like KeyStore support was already added with the "withTLS" builder option? At least it is a start and isn't completely unsupported as this Jira seems to think :) [~elserj] any thoughts on this? Probably would be good to support ciphers/algorithms since TLS support is there now. > TLS support for Avatica > --- > > Key: CALCITE-1480 > URL: https://issues.apache.org/jira/browse/CALCITE-1480 > Project: Calcite > Issue Type: New Feature > Components: avatica >Reporter: Josh Elser >Priority: Major > > We should expose the support for users to configure the Avatica server to > operate using TLS. > Some thoughts on what would be minimally acceptable: > * Configure one-way or two-way TLS > * Ability to specify ciphers/algorithms to disallow (prevent the use of > weak/known-insecure parameters) > This should all be easily attainable through the Jetty APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CALCITE-1480) TLS support for Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385426#comment-16385426 ] Kevin Risden commented on CALCITE-1480: --- https://issues.apache.org/jira/browse/CALCITE-1538?focusedCommentId=15783768&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15783768 Looks like CALCITE-1538 got a start on this. Might need to focus on KeyStore next since TrustStore was added. > TLS support for Avatica > --- > > Key: CALCITE-1480 > URL: https://issues.apache.org/jira/browse/CALCITE-1480 > Project: Calcite > Issue Type: New Feature > Components: avatica >Reporter: Josh Elser >Priority: Major > > We should expose the support for users to configure the Avatica server to > operate using TLS. > Some thoughts on what would be minimally acceptable: > * Configure one-way or two-way TLS > * Ability to specify ciphers/algorithms to disallow (prevent the use of > weak/known-insecure parameters) > This should all be easily attainable through the Jetty APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)