Riza Suminto has posted comments on this change. ( http://gerrit.cloudera.org:8080/23069 )
Change subject: IMPALA-14161: Thrift SSL tests fail on Centos 7 ...................................................................... Patch Set 2: Code-Review+1 > Patch Set 2: > > It seems that we don't even need to add "AES256-GCM-SHA384", it is enough to > set the cipher list in the test for the servers. > My idea is that we can make the tests pass in two ways: > - Adding "AES256-GCM-SHA384" to the > SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers list in > be/srckudu/security/security_flags.cc. This "fixes" the Thrift clients in the > tests. > - Passing the default cipher list to the Thrift servers, which "fixes" the > servers. > I went with the second approach in this patch. 2nd approach make sense to me. But please double check that behavior/test scenario of some negative test about ciphers (BadCipher, MismatchCipher, MismatchedTlsCiphersuites) stays the same after applying this 2nd approach. -- To view, visit http://gerrit.cloudera.org:8080/23069 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I2ade7e7308c05baf640a6cbfd62d10f9689a5d9a Gerrit-Change-Number: 23069 Gerrit-PatchSet: 2 Gerrit-Owner: Daniel Becker <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Laszlo Gaal <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Comment-Date: Tue, 24 Jun 2025 14:15:17 +0000 Gerrit-HasComments: No
