Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 8989E200CE9 for ; Sat, 5 Aug 2017 01:35:47 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 8817316CEB9; Fri, 4 Aug 2017 23:35:47 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C8AE516CE52 for ; Sat, 5 Aug 2017 01:35:46 +0200 (CEST) Received: (qmail 7004 invoked by uid 500); 4 Aug 2017 23:35:46 -0000 Mailing-List: contact reviews-help@impala.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list reviews@impala.incubator.apache.org Received: (qmail 6993 invoked by uid 99); 4 Aug 2017 23:35:45 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Aug 2017 23:35:45 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 41554180805 for ; Fri, 4 Aug 2017 23:35:45 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.362 X-Spam-Level: X-Spam-Status: No, score=0.362 tagged_above=-999 required=6.31 tests=[RDNS_DYNAMIC=0.363, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id rWm2tDAK8j5p for ; Fri, 4 Aug 2017 23:35:44 +0000 (UTC) Received: from ip-10-146-233-104.ec2.internal (ec2-75-101-130-251.compute-1.amazonaws.com [75.101.130.251]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 89D705F5C4 for ; Fri, 4 Aug 2017 23:35:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by ip-10-146-233-104.ec2.internal (8.14.4/8.14.4) with ESMTP id v74NZf8x015788; Fri, 4 Aug 2017 23:35:41 GMT Message-Id: <201708042335.v74NZf8x015788@ip-10-146-233-104.ec2.internal> Date: Fri, 4 Aug 2017 23:35:41 +0000 From: "Henry Robinson (Code Review)" To: impala-cr@cloudera.com, reviews@impala.incubator.apache.org CC: Sailesh Mukil Reply-To: henry@cloudera.com X-Gerrit-MessageType: newpatchset Subject: =?UTF-8?Q?=5BImpala-ASF-CR=5D_IMPALA-5696=3A_Enable_cipher_configuration_when_using_TLS_/_Thrift=0A?= X-Gerrit-Change-Id: I735ae36eebfdf7228f235686c9c69642c3c9d84f X-Gerrit-ChangeURL: X-Gerrit-Commit: 20a801a9637077fe5066f6f4cc3aa63e4baf3efe In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-Disposition: inline User-Agent: Gerrit/2.12.7 archived-at: Fri, 04 Aug 2017 23:35:47 -0000 Henry Robinson has uploaded a new patch set (#3). Change subject: IMPALA-5696: Enable cipher configuration when using TLS / Thrift ...................................................................... IMPALA-5696: Enable cipher configuration when using TLS / Thrift The 'cipher suite' is a description of the set of algorithms used by SSL and TLS to execute key exchange, encryption, message authentication, and random number generation functions. SSL implementations allow the cipher suite to be configured so that ciphers may be removed from the whitelist if they are shown to be weak. * Add a flag --ssl_cipher_list which controls cipher selection for both thrift servers and clients. Default is blank, which means use all available cipher suites. * Add ThriftServerBuilder to simplify construction of ThriftServers (whose constructors were otherwise getting very long). Testing: new tests added to thrift-server-test. Test cases added follow: * A client cannot connect to a server which does not have any ciphers in common with it. * If ciphers are identical on clients and servers, that ssl connections can be made. * Bad cipher strings lead to errors on both client and server. Change-Id: I735ae36eebfdf7228f235686c9c69642c3c9d84f --- M be/src/benchmarks/network-perf-benchmark.cc M be/src/catalog/catalogd-main.cc M be/src/rpc/thrift-client.cc M be/src/rpc/thrift-server-test.cc M be/src/rpc/thrift-server.cc M be/src/rpc/thrift-server.h M be/src/runtime/data-stream-test.cc M be/src/service/impala-server.cc M be/src/statestore/statestore-subscriber.cc M be/src/statestore/statestored-main.cc M be/src/testutil/in-process-servers.cc A be/src/testutil/scoped-flag-setter.h M be/src/util/webserver-test.cc 13 files changed, 427 insertions(+), 142 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/24/7524/3 -- To view, visit http://gerrit.cloudera.org:8080/7524 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I735ae36eebfdf7228f235686c9c69642c3c9d84f Gerrit-PatchSet: 3 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Henry Robinson Gerrit-Reviewer: Henry Robinson Gerrit-Reviewer: Sailesh Mukil