You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@impala.apache.org by "Henry Robinson (Code Review)" <ge...@cloudera.org> on 2017/08/09 05:46:03 UTC

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Henry Robinson has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/7624

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................

IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

If we ask OpenSSL to use a cipher suite that's not compatible with
TLSv1.0, it will fail on machines where TLSv1.1+ is not
supported (i.e. those with OpenSSL v1.0.0).

Fix tests to only use TLSv1.0-compatible cipher suites, picked from
https://wiki.openssl.org/index.php/Manual:Ciphers(1)#TLS_v1.0_cipher_suites.

Confirmed that tests start servers with TLSv1.0 support. Before this
patch, servers would be silently upgraded to TLSv1.2 only (i.e. the
minimum version that supported the requested cipher suite).

Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
---
M be/src/rpc/thrift-server-test.cc
1 file changed, 15 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/24/7624/1
-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change.

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................


Patch Set 1:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/1023/

-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Posted by "Henry Robinson (Code Review)" <ge...@cloudera.org>.

Henry Robinson has posted comments on this change.

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................


Patch Set 1:

I also tried this on a machine with OpenSSL 1.0.0.

-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has submitted this change and it was merged.

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................


IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

If we ask OpenSSL to use a cipher suite that's not compatible with
TLSv1.0, it will fail on machines where TLSv1.1+ is not
supported (i.e. those with OpenSSL v1.0.0).

Fix tests to only use TLSv1.0-compatible cipher suites, picked from
https://wiki.openssl.org/index.php/Manual:Ciphers(1)#TLS_v1.0_cipher_suites.

Confirmed that tests start servers with TLSv1.0 support. Before this
patch, servers would be silently upgraded to TLSv1.2 only (i.e. the
minimum version that supported the requested cipher suite).

Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Reviewed-on: http://gerrit.cloudera.org:8080/7624
Reviewed-by: Matthew Jacobs <mj...@cloudera.com>
Tested-by: Impala Public Jenkins
---
M be/src/rpc/thrift-server-test.cc
1 file changed, 15 insertions(+), 7 deletions(-)

Approvals:
  Impala Public Jenkins: Verified
  Matthew Jacobs: Looks good to me, approved



-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change.

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................


Patch Set 1: Verified+1

-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests

Posted by "Matthew Jacobs (Code Review)" <ge...@cloudera.org>.

Matthew Jacobs has posted comments on this change.

Change subject: IMPALA-5781: Only use TLSv1.0-compatible ciphers for tests
......................................................................


Patch Set 1: Code-Review+2

-- 
To view, visit http://gerrit.cloudera.org:8080/7624
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Id66508040bcc7745b7c68b62ace71ae1d394c1b4
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <he...@cloudera.com>
Gerrit-Reviewer: Matthew Jacobs <mj...@cloudera.com>
Gerrit-HasComments: No