Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/15554 )
Change subject: [python] KUDU-3087 use 2048-bit RSA keys for CA and server certs ...................................................................... Patch Set 2: > @Alexey Serbin, > I took python test on my aarch64 instance, the test failed, if I > modify to 1024, then the tests success. > @Alexey Serbin, > I took python test on my aarch64 instance, the test failed, if I > modify to 1024, then the tests success. @huangtianhua, thank you very much for the verification and feedback. The reason I set the length of RSA keys to 2048 is to make sure it works on CentOS8. With CentOS8, the default security level of the OpenSSL library is set to 2, and in that case RSA keys of 1024-bits in length are considered too weak, so the client side is not able to verify certificates signed by such keys. Basically, this is a forward-looking patch: it addresses KUDU-3087 for Linux distros prior to RHEL/CentOS 8 and RHEL/CentOS 8, and also other hardened Linux OS distributions. -- To view, visit http://gerrit.cloudera.org:8080/15554 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I740d81291832bfc28c395443f2c01b0c9a7dbadf Gerrit-Change-Number: 15554 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Anonymous Coward <huangtianhua...@gmail.com> Gerrit-Reviewer: Grant Henke <granthe...@apache.org> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Wed, 25 Mar 2020 06:35:54 +0000 Gerrit-HasComments: No
