[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Tianyi Wang has posted comments on this change. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

Patch Set 3: Verified+1

--
To view, visit http://gerrit.cloudera.org:8080/10129
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 3
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
Gerrit-Comment-Date: Wed, 25 Apr 2018 18:40:25 +
Gerrit-HasComments: No
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Tianyi Wang has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

thrift-0.9.3-p4: forward compatibility of TLS protocols

This patch adds thrift-0.9.3-p4. In thrift-0.9.3-p3, TLS protocols are not forward-compatible. A server using TLSv1_x only works with a client using the same protocol. This patch changes thrift into using SSLv23_method() and disabling undesired protocols using flags. TLSv1_x will behave like TLSv1_x_plus in thrift-0.9.0-p11 and is compatible with later versions.

Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Reviewed-on: http://gerrit.cloudera.org:8080/10129
Reviewed-by: Tianyi Wang
Reviewed-by: Sailesh Mukil
Tested-by: Tianyi Wang
---
M buildall.sh
A source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
2 files changed, 56 insertions(+), 1 deletion(-)

Approvals:
  Tianyi Wang: Looks good to me, but someone else must approve; Verified
  Sailesh Mukil: Looks good to me, approved

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 4
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

Patch Set 3: Code-Review+2

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 3
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
Gerrit-Comment-Date: Tue, 24 Apr 2018 20:41:16 +
Gerrit-HasComments: No
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Tianyi Wang has uploaded a new patch set (#3). ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

thrift-0.9.3-p4: forward compatibility of TLS protocols

This patch adds thrift-0.9.3-p4. In thrift-0.9.3-p3, TLS protocols are not forward-compatible. A server using TLSv1_x only works with a client using the same protocol. This patch changes thrift into using SSLv23_method() and disabling undesired protocols using flags. TLSv1_x will behave like TLSv1_x_plus in thrift-0.9.0-p11 and is compatible with later versions.

Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
---
M buildall.sh
A source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
2 files changed, 56 insertions(+), 1 deletion(-)

  git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/29/10129/3

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 3
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Michael Ho has posted comments on this change. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

Patch Set 2: Code-Review+1

(1 comment)

Please have Sailesh take a look too.

http://gerrit.cloudera.org:8080/#/c/10129/1/source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
File source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch:

http://gerrit.cloudera.org:8080/#/c/10129/1/source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch@33
PS1, Line 33: + break;
May wanna include "protocol" in the exception string.

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 2
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
Gerrit-Comment-Date: Mon, 23 Apr 2018 20:57:08 +
Gerrit-HasComments: Yes
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Tianyi Wang has uploaded a new patch set (#2). ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

thrift-0.9.3-p4: forward compatibility of TLS protocols

This patch adds thrift-0.9.3-p4. In thrift-0.9.3-p3, TLS protocols are not forward-compatible. A server using TLSv1_x only works with a client using the same protocol. This patch changes thrift into using SSLv23_method() and disabling undesired protocols using flags. TLSv1_x will behave like TLSv1_x_plus in thrift-0.9.0-p11 and is compatible with later versions.

Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
---
M buildall.sh
A source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
2 files changed, 55 insertions(+), 1 deletion(-)

  git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/29/10129/2

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 2
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Tianyi Wang
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Michael Ho has posted comments on this change. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/10129/1/source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
File source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch:

http://gerrit.cloudera.org:8080/#/c/10129/1/source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch@24
PS1, Line 24: + int options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
This may warrant a comment copied from below.

// Disable horribly insecure SSLv2 and SSLv3 protocols but allow a handshake
// with older clients so they get a graceful denial.

http://gerrit.cloudera.org:8080/#/c/10129/1/source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch@30
PS1, Line 30: case TLSv1_0:
Should this also include SSLTLS ?

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 1
Gerrit-Owner: Tianyi Wang
Gerrit-Reviewer: Michael Ho
Gerrit-Comment-Date: Mon, 23 Apr 2018 18:12:56 +
Gerrit-HasComments: Yes
[native-toolchain-CR] thrift-0.9.3-p4: forward compatibility of TLS protocols
Tianyi Wang has uploaded this change for review. ( http://gerrit.cloudera.org:8080/10129 )

Change subject: thrift-0.9.3-p4: forward compatibility of TLS protocols

thrift-0.9.3-p4: forward compatibility of TLS protocols

This patch adds thrift-0.9.3-p4. In thrift-0.9.3-p3, TLS protocols are not forward-compatible. A server using TLSv1_x only works with a client using the same protocol. This patch changes thrift into using SSLv23_method() and disabling undesired protocols using flags. TLSv1_x will behave like TLSv1_x_plus in thrift-0.9.0-p11 and is compatible with later versions.

Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
---
M buildall.sh
A source/thrift/thrift-0.9.3-patches/0004-TLS-forward-compatibility.patch
2 files changed, 53 insertions(+), 1 deletion(-)

  git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/29/10129/1

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifdca94a9426feff5ab52a80cf4da669a3fbfe812
Gerrit-Change-Number: 10129
Gerrit-PatchSet: 1
Gerrit-Owner: Tianyi Wang
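
The commit message in this thread contrasts a server pinned to one TLSv1_x method, which only works with a client on the same protocol, with SSLv23_method() plus flags that switch off the undesired versions. The model below is an added example, not code from the patch, Thrift or OpenSSL: the names Proto, pinned, flexible, flags_for, negotiate and matrix are hypothetical, and it assumes each side enables a contiguous range of versions.

```python
from enum import IntEnum

class Proto(IntEnum):
    """Protocol versions, oldest to newest, by their wire value."""
    SSLv3 = 0x0300
    TLSv1_0 = 0x0301
    TLSv1_1 = 0x0302
    TLSv1_2 = 0x0303

NEWEST = max(Proto)

# OpenSSL option name that switches a version off on a version-flexible context.
NO_FLAG = {
    Proto.SSLv3: "SSL_OP_NO_SSLv3",
    Proto.TLSv1_0: "SSL_OP_NO_TLSv1",
    Proto.TLSv1_1: "SSL_OP_NO_TLSv1_1",
}

def pinned(version):
    """Fixed-version method: the context speaks exactly one version."""
    return (version, version)

def flexible(minimum):
    """SSLv23_method() with every version below `minimum` disabled by flags."""
    return (minimum, NEWEST)

def flags_for(minimum):
    """Option names to OR together so `minimum` is the oldest accepted version."""
    return ["SSL_OP_NO_SSLv2"] + [NO_FLAG[p] for p in Proto if p < minimum]

def negotiate(client, server):
    """Newest version inside both (min, max) ranges, or None if there is none."""
    low = max(client[0], server[0])
    high = min(client[1], server[1])
    return Proto(high) if low <= high else None

def matrix(server):
    """Result for one server config against a pinned client of each TLS version."""
    return {c.name: negotiate(pinned(c), server)
            for c in Proto if c >= Proto.TLSv1_0}

if __name__ == "__main__":
    for label, cfg in (("pinned TLSv1_1", pinned(Proto.TLSv1_1)),
                       ("flexible, minimum TLSv1_1", flexible(Proto.TLSv1_1))):
        print(label, {k: (v.name if v else "fail") for k, v in matrix(cfg).items()})
    print(" | ".join(flags_for(Proto.TLSv1_1)))
```
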