You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2022/03/26 15:14:19 UTC

[GitHub] [drill] rymarm opened a new pull request #2505: Bump default TLS version to 1.3

rymarm opened a new pull request #2505:
URL: https://github.com/apache/drill/pull/2505


   # [DRILL-8177](https://issues.apache.org/jira/browse/DRILL-8177): Bump default TLS version to 1.3
   
   ## Description
   
   Change default TLS version to 1.3 for Web Server and client-drillbit connection as it is more efficient ans secure protocol.
   
   ## Documentation
   Default TLS version for RPC layer and Web Server is changed from 1.2 to 1.3
   
   ## Testing
   Manual verification with commands:
   ```
   openssl s_client -tls1_3 localnode.com:8047
   openssl s_client -tls1_3 localnode.com:31010
   openssl s_client -tls1_2 localnode.com:8047
   openssl s_client -tls1_2 localnode.com:31010
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [drill] rymarm commented on pull request #2505: DRILL-8177: Bump default TLS version to 1.3

Posted by GitBox <gi...@apache.org>.

rymarm commented on pull request #2505:
URL: https://github.com/apache/drill/pull/2505#issuecomment-1079913541


   @luocooong Thank you for you comment! I've added related changes related to code base and documentation (https://github.com/apache/drill-site/pull/27)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [drill] cgivre merged pull request #2505: DRILL-8177: Bump default TLS version to 1.3

Posted by GitBox <gi...@apache.org>.

cgivre merged pull request #2505:
URL: https://github.com/apache/drill/pull/2505


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [drill] luocooong commented on pull request #2505: DRILL-8177: Bump default TLS version to 1.3

Posted by GitBox <gi...@apache.org>.

luocooong commented on pull request #2505:
URL: https://github.com/apache/drill/pull/2505#issuecomment-1079879536


   @rymarm Thanks for the update. If we update the default SSL configuration, we also may have to update the default options and unit tests for the codebase.
   ```
   drill-module.conf - drill-java-exec/src/main/resources
   drill-override-example.conf - distribution/src/main/resources
   ExecConstants.java - drill-java-exec/src/main/java/org/apache/drill/exec
   SSLConfig.java - drill-java-exec/src/main/java/org/apache/drill/exec/ssl
   SslContextFactoryConfiguratorTest.java - drill-java-exec/src/test/java/org/apache/drill/exec/server/rest/ssl
   TestUserBitSSL.java - drill-java-exec/src/test/java/org/apache/drill/exec/rpc/user/security
   TestUserBitSSLServer.java - drill-java-exec/src/test/java/org/apache/drill/exec/rpc/user/security
   ```
   
   There are also associated documents [Configuring SSL/TLS for Encryption](https://github.com/apache/drill-site/blob/master/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md) to be update. Fork the `drill-site` and create new pull request for the markdown file.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [drill] rymarm edited a comment on pull request #2505: DRILL-8177: Bump default TLS version to 1.3

Posted by GitBox <gi...@apache.org>.

rymarm edited a comment on pull request #2505:
URL: https://github.com/apache/drill/pull/2505#issuecomment-1079913541


   @luocooong Thank you for you comment! I've added changes related to code base and documentation (https://github.com/apache/drill-site/pull/27)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org