Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
IMPALA-5696: Enable cipher configuration when using TLS / Thrift
The 'cipher suite' is a description of the set of algorithms used by SSL and TLS to execute key exchange, encryption, message authentication, and random number generation functions. SSL implementations allow the cipher suite to be configured so that ciphers may be removed from the whitelist if they are shown to be weak. * Add a flag --ssl_cipher_list which controls cipher selection for both thrift servers and clients. Default is blank, which means use all available cipher suites. * Add ThriftServerBuilder to simplify construction of ThriftServers (whose constructors were otherwise getting very long). Testing: new tests added to thrift-server-test. Test cases added follow: * A client cannot connect to a server which does not have any ciphers in common with it. * If ciphers are identical on clients and servers, that ssl connections can be made. * Bad cipher strings lead to errors on both client and server. Change-Id: I735ae36eebfdf7228f235686c9c69642c3c9d84f Reviewed-on: http://gerrit.cloudera.org:8080/7524 Reviewed-by: Henry Robinson <henry@cloudera.com> Tested-by: Impala Public Jenkins
- Loading branch information
Henry Robinson
authored and
Impala Public Jenkins
committed
Aug 8, 2017
1 parent
d61065d
commit 68df21b
Showing
13 changed files
with
440 additions
and
143 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.