You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@impala.apache.org by "Joe McDonnell (Code Review)" <ge...@cloudera.org> on 2022/03/12 01:48:51 UTC

[Impala-ASF-CR] PROTOTYPE: TLS 1.3 ciphersuite support

Joe McDonnell has uploaded this change for review. ( http://gerrit.cloudera.org:8080/18316


Change subject: PROTOTYPE: TLS 1.3 ciphersuite support
......................................................................

PROTOTYPE: TLS 1.3 ciphersuite support

This fixes some backend tests on Ubuntu 18, which uses TLS 1.3.

Testing:
 - Ran rpc-mgr-test, rpc-mgr-kerberized-test, webserver-test,
   and thrift-server-test (which were failing before)

TODO:
 - This should have TLS 1.3 ciphersuite tests
 - Some comments could be out of date / wrong
 - Need to run tests

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 182 insertions(+), 66 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/16/18316/1
-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Hello Impala Public Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18316

to look at the new patch set (#3).

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................

IMPALA-10069: Support TLS 1.3 ciphersuites

OpenSSL 1.1.1 adds support for TLS 1.3. TLS 1.3 has a new
set of cipher suites that are maintained separately from
the TLS 1.2 ciphers. This caused test failures on tests
that expected failures when setting invalid TLS 1.2 ciphers.
It also rendered some success test cases invalid, because
the TLS 1.3 ciphers would work even if TLS 1.2 didn't.

This adds the tls_ciphersuites startup parameter, which
customizes the TLS 1.3 cipher suites. tls_ciphersuites is
only effective when Impala is built for a system with OpenSSL
1.1.1 or above.

This uses tls_ciphersuites to fix the existing TLS 1.2 cipher
tests. It also adds a set of tests for TLS 1.3 cipher suites.

KRPC and the webserver now support ssl_minimum_version=tlsv1.3.
However, Thrift does not support this configuration yet, so
this is not supported for impalad yet. To support TLS 1.3 tests
on Thrift, this adds a disable_tls12 option to ThriftServer
and ThriftClient. This will be removed when
ssl_minimum_version=tlsv1.3 is supported.

Testing:
 - Ran the backend tests with TLS checks (rpc-mgr-test, rpc-mgr-kerberized-test,
   webserver-test, and thrift-server-test) on Ubuntu 18 and Ubuntu 20
 - Added tests for tls_ciphersuites in rpc-mgr-test and thrift-server-test
 - Ran a core test on Centos 7
 - Ran a core test on Ubuntu 16

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 523 insertions(+), 84 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/16/18316/3
-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/18316/3/be/src/rpc/thrift-server-test.cc
File be/src/rpc/thrift-server-test.cc:

http://gerrit.cloudera.org:8080/#/c/18316/3/be/src/rpc/thrift-server-test.cc@493
PS3, Line 493:         ScopedFlagSetter<string>::Make(&FLAGS_tls_ciphersuites, "this_is_not_a_ciphersuite");
line too long (93 > 90)



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Thu, 21 Jul 2022 16:02:56 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] PROTOTYPE: TLS 1.3 ciphersuite support

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: TLS 1.3 ciphersuite support
......................................................................


Patch Set 1:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/18316/1/be/src/rpc/thrift-util.cc
File be/src/rpc/thrift-util.cc:

http://gerrit.cloudera.org:8080/#/c/18316/1/be/src/rpc/thrift-util.cc@101
PS1, Line 101: cipher_suites
Make this one word "ciphersuites" to match the rest of code


http://gerrit.cloudera.org:8080/#/c/18316/1/be/src/rpc/thrift-util.cc@102
PS1, Line 102:   if (cipher_list.empty() && tls_cipher_suites == "default") return;
This logic is wrong, "default" is no longer a special value.


http://gerrit.cloudera.org:8080/#/c/18316/1/be/src/rpc/thrift-util.cc@107
PS1, Line 107:   if (tls_cipher_suites != "default") {
"default" is not a special value.



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 12 Mar 2022 01:53:46 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc
File be/src/rpc/rpc-mgr.cc:

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc@181
PS4, Line 181: bld.set_rpc_tls_ciphersuites(FLAGS_tls_ciphersuites);
> Do we need to call bld.set_rpc_tls_ciphersuites() if FLAGS_tls_ciphersuites
We don't need the call if it is the same as kDefaultTlsCipherSuites, but it also doesn't change the behavior one way or the other.


http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc@184
PS4, Line 184:  == ""
> Should we use .empty()?
Good point, switched this over


http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/service/impala-server.cc
File be/src/service/impala-server.cc:

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/service/impala-server.cc@248
PS4, Line 248: Thrift RPC
> Thrift RPC and KRPC?
Good point, changed this



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 22 Aug 2022 20:24:54 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Joe McDonnell has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................

IMPALA-10069: Support TLS 1.3 ciphersuites

OpenSSL 1.1.1 adds support for TLS 1.3. TLS 1.3 has a new
set of cipher suites that are maintained separately from
the TLS 1.2 ciphers. This caused test failures on tests
that expected failures when setting invalid TLS 1.2 ciphers.
It also rendered some success test cases invalid, because
the TLS 1.3 ciphers would work even if TLS 1.2 didn't.

This adds the tls_ciphersuites startup parameter, which
customizes the TLS 1.3 cipher suites. tls_ciphersuites is
only effective when Impala is built for a system with OpenSSL
1.1.1 or above.

This uses tls_ciphersuites to fix the existing TLS 1.2 cipher
tests. It also adds a set of tests for TLS 1.3 cipher suites.

KRPC and the webserver now support ssl_minimum_version=tlsv1.3.
However, Thrift does not support this configuration yet, so
this is not supported for impalad yet. To support TLS 1.3 tests
on Thrift, this adds a disable_tls12 option to ThriftServer
and ThriftClient. This will be removed when
ssl_minimum_version=tlsv1.3 is supported.

Testing:
 - Ran the backend tests with TLS checks (rpc-mgr-test, rpc-mgr-kerberized-test,
   webserver-test, and thrift-server-test) on Ubuntu 18 and Ubuntu 20
 - Added tests for tls_ciphersuites in rpc-mgr-test and thrift-server-test
 - Ran a core test on Centos 7
 - Ran a core test on Ubuntu 16

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Reviewed-on: http://gerrit.cloudera.org:8080/18316
Reviewed-by: Wenzhe Zhou <wz...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 523 insertions(+), 84 deletions(-)

Approvals:
  Wenzhe Zhou: Looks good to me, approved
  Impala Public Jenkins: Verified

-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 8
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 3:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/8350/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Thu, 21 Jul 2022 17:43:48 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Hello Wenzhe Zhou, Michael Smith, Impala Public Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18316

to look at the new patch set (#6).

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................

IMPALA-10069: Support TLS 1.3 ciphersuites

OpenSSL 1.1.1 adds support for TLS 1.3. TLS 1.3 has a new
set of cipher suites that are maintained separately from
the TLS 1.2 ciphers. This caused test failures on tests
that expected failures when setting invalid TLS 1.2 ciphers.
It also rendered some success test cases invalid, because
the TLS 1.3 ciphers would work even if TLS 1.2 didn't.

This adds the tls_ciphersuites startup parameter, which
customizes the TLS 1.3 cipher suites. tls_ciphersuites is
only effective when Impala is built for a system with OpenSSL
1.1.1 or above.

This uses tls_ciphersuites to fix the existing TLS 1.2 cipher
tests. It also adds a set of tests for TLS 1.3 cipher suites.

KRPC and the webserver now support ssl_minimum_version=tlsv1.3.
However, Thrift does not support this configuration yet, so
this is not supported for impalad yet. To support TLS 1.3 tests
on Thrift, this adds a disable_tls12 option to ThriftServer
and ThriftClient. This will be removed when
ssl_minimum_version=tlsv1.3 is supported.

Testing:
 - Ran the backend tests with TLS checks (rpc-mgr-test, rpc-mgr-kerberized-test,
   webserver-test, and thrift-server-test) on Ubuntu 18 and Ubuntu 20
 - Added tests for tls_ciphersuites in rpc-mgr-test and thrift-server-test
 - Ran a core test on Centos 7
 - Ran a core test on Ubuntu 16

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 523 insertions(+), 84 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/16/18316/6
-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 6
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 7:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/8486/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 7
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Tue, 23 Aug 2022 07:33:00 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 2:

Build Successful 

https://jenkins.impala.io/job/gerrit-code-review-checks/10433/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Wed, 13 Apr 2022 04:07:39 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 3: Verified-1

Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/8350/


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Thu, 21 Jul 2022 22:32:28 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/8379/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 30 Jul 2022 04:13:18 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Hello Wenzhe Zhou, Michael Smith, Impala Public Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18316

to look at the new patch set (#5).

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................

IMPALA-10069: Support TLS 1.3 ciphersuites

OpenSSL 1.1.1 adds support for TLS 1.3. TLS 1.3 has a new
set of cipher suites that are maintained separately from
the TLS 1.2 ciphers. This caused test failures on tests
that expected failures when setting invalid TLS 1.2 ciphers.
It also rendered some success test cases invalid, because
the TLS 1.3 ciphers would work even if TLS 1.2 didn't.

This adds the tls_ciphersuites startup parameter, which
customizes the TLS 1.3 cipher suites. tls_ciphersuites is
only effective when Impala is built for a system with OpenSSL
1.1.1 or above.

This uses tls_ciphersuites to fix the existing TLS 1.2 cipher
tests. It also adds a set of tests for TLS 1.3 cipher suites.

KRPC and the webserver now support ssl_minimum_version=tlsv1.3.
However, Thrift does not support this configuration yet, so
this is not supported for impalad yet. To support TLS 1.3 tests
on Thrift, this adds a disable_tls12 option to ThriftServer
and ThriftClient. This will be removed when
ssl_minimum_version=tlsv1.3 is supported.

Testing:
 - Ran the backend tests with TLS checks (rpc-mgr-test, rpc-mgr-kerberized-test,
   webserver-test, and thrift-server-test) on Ubuntu 18 and Ubuntu 20
 - Added tests for tls_ciphersuites in rpc-mgr-test and thrift-server-test
 - Ran a core test on Centos 7
 - Ran a core test on Ubuntu 16

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 523 insertions(+), 84 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/16/18316/5
-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 5
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Wenzhe Zhou (Code Review)" <ge...@cloudera.org>.

Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 7: Code-Review+2

Carry +1 from Michael


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 7
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Tue, 23 Aug 2022 08:27:16 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/18316/5/be/src/rpc/thrift-server-test.cc
File be/src/rpc/thrift-server-test.cc:

http://gerrit.cloudera.org:8080/#/c/18316/5/be/src/rpc/thrift-server-test.cc@493
PS5, Line 493:         ScopedFlagSetter<string>::Make(&FLAGS_tls_ciphersuites, "this_is_not_a_ciphersuite");
line too long (93 > 90)



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 5
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 22 Aug 2022 20:25:43 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 2:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/8041/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Wed, 13 Apr 2022 03:48:59 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 2: Verified-1

Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/8041/


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Wed, 13 Apr 2022 08:14:10 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/18316/2/be/src/rpc/thrift-server-test.cc
File be/src/rpc/thrift-server-test.cc:

http://gerrit.cloudera.org:8080/#/c/18316/2/be/src/rpc/thrift-server-test.cc@495
PS2, Line 495:         ScopedFlagSetter<string>::Make(&FLAGS_tls_ciphersuites, "this_is_not_a_ciphersuite");
line too long (93 > 90)



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Wed, 13 Apr 2022 03:48:35 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] PROTOTYPE: TLS 1.3 ciphersuite support

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: TLS 1.3 ciphersuite support
......................................................................


Patch Set 1: Verified+1


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 12 Mar 2022 07:20:27 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 7: Verified+1


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 7
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Tue, 23 Aug 2022 12:21:36 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] PROTOTYPE: TLS 1.3 ciphersuite support

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: TLS 1.3 ciphersuite support
......................................................................


Patch Set 1:

Build Successful 

https://jenkins.impala.io/job/gerrit-code-review-checks/10285/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 12 Mar 2022 02:09:27 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 3:

Build Successful 

https://jenkins.impala.io/job/gerrit-code-review-checks/11010/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Thu, 21 Jul 2022 16:23:19 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/8377/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Fri, 29 Jul 2022 18:48:48 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/18316/5/be/src/rpc/thrift-server-test.cc
File be/src/rpc/thrift-server-test.cc:

http://gerrit.cloudera.org:8080/#/c/18316/5/be/src/rpc/thrift-server-test.cc@493
PS5, Line 493:         ScopedFlagSetter<string>::Make(&FLAGS_tls_ciphersuites, "this_is_not_a_ciphersuite");
> line too long (93 > 90)
Done



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 5
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 22 Aug 2022 20:32:39 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 5:

Build Successful 

https://jenkins.impala.io/job/gerrit-code-review-checks/11204/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 5
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 22 Aug 2022 20:46:03 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.

Hello Impala Public Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18316

to look at the new patch set (#2).

Change subject: PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................

PROTOTYPE: IMPALA-10069: Support TLS 1.3 ciphersuites

This fixes some backend tests on Ubuntu 18, which uses TLS 1.3.

Testing:
 - Ran rpc-mgr-test, rpc-mgr-kerberized-test, webserver-test,
   and thrift-server-test (which were failing before)

Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
---
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.cc
M be/src/rpc/thrift-client.cc
M be/src/rpc/thrift-client.h
M be/src/rpc/thrift-server-test.cc
M be/src/rpc/thrift-server.cc
M be/src/rpc/thrift-server.h
M be/src/rpc/thrift-util.cc
M be/src/rpc/thrift-util.h
M be/src/service/impala-server.cc
M be/src/thirdparty/squeasel/squeasel.c
M be/src/util/webserver-test.cc
M be/src/util/webserver.cc
14 files changed, 463 insertions(+), 76 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/16/18316/2
-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>

[Impala-ASF-CR] PROTOTYPE: TLS 1.3 ciphersuite support

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: PROTOTYPE: TLS 1.3 ciphersuite support
......................................................................


Patch Set 1:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/7931/ DRY_RUN=true


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 12 Mar 2022 02:16:47 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4: Verified-1

Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/8377/


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Fri, 29 Jul 2022 23:35:38 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Michael Smith (Code Review)" <ge...@cloudera.org>.

Michael Smith has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4: Code-Review+1


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Comment-Date: Thu, 04 Aug 2022 16:00:18 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4: Verified+1


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Comment-Date: Sat, 30 Jul 2022 09:04:10 +0000
Gerrit-HasComments: No

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Wenzhe Zhou (Code Review)" <ge...@cloudera.org>.

Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 4:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc
File be/src/rpc/rpc-mgr.cc:

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc@181
PS4, Line 181: bld.set_rpc_tls_ciphersuites(FLAGS_tls_ciphersuites);
Do we need to call bld.set_rpc_tls_ciphersuites() if FLAGS_tls_ciphersuites equals kudu::SecurityDefaults::SecurityDefaults::kDefaultTlsCipherSuites?


http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/rpc/rpc-mgr.cc@184
PS4, Line 184:  == ""
Should we use .empty()?


http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/service/impala-server.cc
File be/src/service/impala-server.cc:

http://gerrit.cloudera.org:8080/#/c/18316/4/be/src/service/impala-server.cc@248
PS4, Line 248: Thrift RPC
Thrift RPC and KRPC?



-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 4
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 15 Aug 2022 23:32:28 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-10069: Support TLS 1.3 ciphersuites

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/18316 )

Change subject: IMPALA-10069: Support TLS 1.3 ciphersuites
......................................................................


Patch Set 6:

Build Successful 

https://jenkins.impala.io/job/gerrit-code-review-checks/11205/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.


-- 
To view, visit http://gerrit.cloudera.org:8080/18316
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6974dae7fb429599847165614adc4eaaf338f744
Gerrit-Change-Number: 18316
Gerrit-PatchSet: 6
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Mon, 22 Aug 2022 20:54:28 +0000
Gerrit-HasComments: No