impala-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Russell (Code Review)" <ger...@cloudera.org>
Subject [Impala-ASF-CR] IMPALA-5473: [DOCS] Document TLS min version & cipher options
Date Fri, 27 Oct 2017 23:04:43 GMT
John Russell has posted comments on this change. ( http://gerrit.cloudera.org:8080/8401 )

Change subject: IMPALA-5473: [DOCS] Document TLS min version & cipher options
......................................................................


Patch Set 2:

(2 comments)

I'll punt to Sailesh for the answer to one of Henry's questions.

http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml
File docs/topics/impala_ssl.xml:

http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml@171
PS2, Line 171: This value is used in some organizations to disallow TLS 1.0 and 1.1.
> This seems redundant, as that's what "Allow any TLS version of 1.2 higher."
Hmm I was trying to come up a subtle way to indicate, "consider using this value if your organization
is security-conscious". I'm not an expert on TLS/SSL vulns but I did turn up this one that
suggests some problems are in both 1.0 and 1.1 but not 1.2. https://nakedsecurity.sophos.com/2013/02/07/boffins-crack-https-encryptionin-lucky-thirteen-attack/


http://gerrit.cloudera.org:8080/#/c/8401/2/docs/topics/impala_ssl.xml@177
PS2, Line 177: TLSv1.2 may not work
> How does it 'not work' - does the daemon fail to start, or does the daemon 
Good question for Sailesh!



-- 
To view, visit http://gerrit.cloudera.org:8080/8401
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia1705262f8c01e38c616541d1c48f5d0cad5498e
Gerrit-Change-Number: 8401
Gerrit-PatchSet: 2
Gerrit-Owner: John Russell <jrussell@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bharathv@cloudera.com>
Gerrit-Reviewer: Henry Robinson <henry@cloudera.com>
Gerrit-Reviewer: John Russell <jrussell@cloudera.com>
Gerrit-Reviewer: Michael Brown <mikeb@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sailesh@cloudera.com>
Gerrit-Reviewer: Tim Armstrong <tarmstrong@cloudera.com>
Gerrit-Comment-Date: Fri, 27 Oct 2017 23:04:43 +0000
Gerrit-HasComments: Yes

Mime
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message