You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jb...@apache.org on 2019/05/19 17:21:18 UTC

[impala] 01/02: IMPALA-8563: Update SSL ciphers used in BE tests

This is an automated email from the ASF dual-hosted git repository.

jbapple pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 358e92ffa25270adb0cec90710409a7a6f2151da
Author: Laszlo Gaal <la...@cloudera.com>
AuthorDate: Fri May 17 16:49:27 2019 +0200

    IMPALA-8563: Update SSL ciphers used in BE tests
    
    Impala BE tests used RC4-based ciphers in a few BE tests, where
    OpenSSL contexts were set up manually.
    Since OpenSSL v1.1.0 these ciphers are not considered strong enough
    any more, so they are rejected, which made these tests fail on platforms
    using OpenSSL 1.1.0 (or higher), e.g. on Ubuntu 18.04.
    
    This patch changes the affected tests to use AES128 and AES256.
    
    The updated tests were verified on the following platforms:
    - Ubuntu 14.04, 16.04, 18.04
    - CentOS 6.4, 7.4
    
    Change-Id: I12b014361fb90afe63aed4b4608f6d6031e49cca
    Reviewed-on: http://gerrit.cloudera.org:8080/13364
    Reviewed-by: Tim Armstrong <ta...@cloudera.com>
    Reviewed-by: Michael Ho <kw...@cloudera.com>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 be/src/rpc/rpc-mgr-test.h        | 4 ++--
 be/src/rpc/thrift-server-test.cc | 4 ++--
 be/src/util/webserver-test.cc    | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/be/src/rpc/rpc-mgr-test.h b/be/src/rpc/rpc-mgr-test.h
index 42c47fe..8b749b5 100644
--- a/be/src/rpc/rpc-mgr-test.h
+++ b/be/src/rpc/rpc-mgr-test.h
@@ -108,8 +108,8 @@ class ScopedSetTlsFlags {
 
 // Only use TLSv1.0 compatible ciphers, as tests might run on machines with only TLSv1.0
 // support.
-const string TLS1_0_COMPATIBLE_CIPHER = "RC4-SHA";
-const string TLS1_0_COMPATIBLE_CIPHER_2 = "RC4-MD5";
+const string TLS1_0_COMPATIBLE_CIPHER = "AES128-SHA";
+const string TLS1_0_COMPATIBLE_CIPHER_2 = "AES256-SHA";
 
 #define PAYLOAD_SIZE (4096)
 
diff --git a/be/src/rpc/thrift-server-test.cc b/be/src/rpc/thrift-server-test.cc
index 621f557..68b55e5 100644
--- a/be/src/rpc/thrift-server-test.cc
+++ b/be/src/rpc/thrift-server-test.cc
@@ -66,8 +66,8 @@ static string principal_kt_path;
 
 // Only use TLSv1.0 compatible ciphers, as tests might run on machines with only TLSv1.0
 // support.
-static const string TLS1_0_COMPATIBLE_CIPHER = "RC4-SHA";
-static const string TLS1_0_COMPATIBLE_CIPHER_2 = "RC4-MD5";
+static const string TLS1_0_COMPATIBLE_CIPHER = "AES128-SHA";
+static const string TLS1_0_COMPATIBLE_CIPHER_2 = "AES256-SHA";
 
 /// Dummy server class (chosen because it has the smallest interface to implement) that
 /// tests can use to start Thrift servers.
diff --git a/be/src/util/webserver-test.cc b/be/src/util/webserver-test.cc
index b100c74..c0c542a 100644
--- a/be/src/util/webserver-test.cc
+++ b/be/src/util/webserver-test.cc
@@ -268,7 +268,7 @@ TEST(Webserver, SslCipherSuite) {
 
   {
     auto ciphers = ScopedFlagSetter<string>::Make(
-        &FLAGS_ssl_cipher_list, "RC4-SHA");
+        &FLAGS_ssl_cipher_list, "AES128-SHA");
     Webserver webserver(FLAGS_webserver_port);
     ASSERT_OK(webserver.Start());
   }