You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@impala.apache.org by "Henry Robinson (Code Review)" <ge...@cloudera.org> on 2017/08/09 05:46:03 UTC
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Henry Robinson has uploaded a new change for review.
http://gerrit.cloudera.org:8080/7624
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
If we ask OpenSSL to use a cipher suite that's not compatible with
TLSv1.0, it will fail on machines where TLSv1.1+ is not
supported (i.e. those with OpenSSL v1.0.0).
Fix tests to only use TLSv1.0-compatible cipher suites, picked from
https://wiki.openssl.org/index.php/Manual:Ciphers(1)#TLS_v1.0_cipher_suites.
Confirmed that tests start servers with TLSv1.0 support. Before this
patch, servers would be silently upgraded to TLSv1.2 only (i.e. the
minimum version that supported the requested cipher suite).
Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
---
M be/src/rpc/thrift-server-test.cc
1 file changed, 15 insertions(+), 7 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/24/7624/1
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change.
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
Patch Set 1:
Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/1023/
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Posted by "Henry Robinson (Code Review)" <ge...@cloudera.org>.
Henry Robinson has posted comments on this change.
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
Patch Set 1:
I also tried this on a machine with OpenSSL 1.0.0.
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has submitted this change and it was merged.
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
If we ask OpenSSL to use a cipher suite that's not compatible with
TLSv1.0, it will fail on machines where TLSv1.1+ is not
supported (i.e. those with OpenSSL v1.0.0).
Fix tests to only use TLSv1.0-compatible cipher suites, picked from
https://wiki.openssl.org/index.php/Manual:Ciphers(1)#TLS_v1.0_cipher_suites.
Confirmed that tests start servers with TLSv1.0 support. Before this
patch, servers would be silently upgraded to TLSv1.2 only (i.e. the
minimum version that supported the requested cipher suite).
Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Reviewed-on: http://gerrit.cloudera.org:8080/7624
Reviewed-by: Matthew Jacobs <mj...@cloudera.com>
Tested-by: Impala Public Jenkins
---
M be/src/rpc/thrift-server-test.cc
1 file changed, 15 insertions(+), 7 deletions(-)
Approvals:
Impala Public Jenkins: Verified
Matthew Jacobs: Looks good to me, approved
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change.
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
Patch Set 1: Verified+1
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
Posted by "Matthew Jacobs (Code Review)" <ge...@cloudera.org>.
Matthew Jacobs has posted comments on this change.
Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................
Patch Set 1: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No