impala-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Robinson (Code Review)" <>
Subject [Impala-ASF-CR] IMPALA-5743: Support TLS version configuration for Thrift servers
Date Tue, 15 Aug 2017 01:08:34 GMT
Hello Sailesh Mukil, Dan Hecht,

I'd like you to reexamine a change.  Please visit

to look at the new patch set (#5).

Change subject: IMPALA-5743: Support TLS version configuration for Thrift servers

IMPALA-5743: Support TLS version configuration for Thrift servers

* Add --ssl_minimum_version which controls the minimum SSL/TLS version
  that clients and servers will use when negotiating a secure
* Two kinds of version specification are allowed: 'TLSv1.1' enables
  TLSv1.1 and all subsequent verisons. 'TLSv1.1_only' enables only
  TLSv1.1. The latter is not exposed in user-facing text as it is
  typically only used for testing.
* Handle case where platform may not support TLSv1.1 or v1.2 by checking
  OpenSSL version number.
* Bump Thrift toolchain version to -p10.

* New tests in In particular, test all 36
  configurations of client and server protocol versions, and ensure that
  the expected successes or failures are seen.

Change-Id: I4c68a6c9658ddbfbe8025f2021fd5ed7a9dec5a5
M be/src/catalog/
M be/src/rpc/
M be/src/rpc/thrift-client.h
M be/src/rpc/
M be/src/rpc/
M be/src/rpc/thrift-server.h
M be/src/service/
M be/src/statestore/
M be/src/statestore/
M bin/
10 files changed, 212 insertions(+), 26 deletions(-)

  git pull ssh:// refs/changes/06/7606/5
To view, visit
To unsubscribe, visit

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4c68a6c9658ddbfbe8025f2021fd5ed7a9dec5a5
Gerrit-PatchSet: 5
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <>
Gerrit-Reviewer: Dan Hecht <>
Gerrit-Reviewer: Henry Robinson <>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Sailesh Mukil <>

View raw message