Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/9060 )
Change subject: IMPALA-6418: Find a reliable way to detect supported TLS versions ...................................................................... Patch Set 1: (1 comment) > Is there a convenient place where we can log the relevant > MaxSSLVersion() at startup, perhaps only where we want to use SSL? The MaxTlsVersionSupported() returns an internal representation of the version rather than something like TLSv1.2. So we could log it, but it wouldn't make too much sense to the user. I'm also against adding our own conversion layer from their internal representation to a human readable string, as that could easily change between versions. http://gerrit.cloudera.org:8080/#/c/9060/1/be/src/util/openssl-util.h File be/src/util/openssl-util.h: http://gerrit.cloudera.org:8080/#/c/9060/1/be/src/util/openssl-util.h@90 PS1, Line 90: mode_ = MaxSupportedTlsVersion() < TLS1_2_VERSION ? AES_256_CFB : AES_256_CTR; > Looks like this was already the case, but won't this prohibit running a sin We don't explicitly support that configuration, i.e. different OpenSSL versions on different nodes. Also, this part of the code is currently only used for spill-to-disk operations, which is node local. -- To view, visit http://gerrit.cloudera.org:8080/9060 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Idd40219b7be5889b3c24457acdb79a28bdcd9bfb Gerrit-Change-Number: 9060 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Michael Ho <k...@cloudera.com> Gerrit-Reviewer: Philip Zeyliger <phi...@cloudera.com> Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Comment-Date: Thu, 18 Jan 2018 21:12:47 +0000 Gerrit-HasComments: Yes