[ https://issues.apache.org/jira/browse/THRIFT-4084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15862771#comment-15862771 ]
ASF GitHub Bot commented on THRIFT-4084: ---------------------------------------- Github user jeking3 commented on the issue: https://github.com/apache/thrift/pull/1185 I opened THRIFT-4084 as a mechanism to verify all the SSL server implementations are secure "enough" at their default settings. > Improve SSL security in thrift by adding a make cross client that checks to > make sure SSLv2 and SSLv3 protocols cannot be negotiated > ------------------------------------------------------------------------------------------------------------------------------------ > > Key: THRIFT-4084 > URL: https://issues.apache.org/jira/browse/THRIFT-4084 > Project: Thrift > Issue Type: Improvement > Components: Test Suite > Affects Versions: 0.10.0 > Environment: Ubuntu Dockerfile > Reporter: James E. King, III > Assignee: James E. King, III > Labels: cross-validation, security, ssl, tls > > Following code review discussions in THRIFT-3369, and seeing THRIFT-3165 in > the backlog, I want to add a make cross "language" which isn't a language at > all, but a test that checks to see if it is possible to negotiate at various > SSL/TLS protocol versions. This would be a client-only test, likely just a > bash script that leverages the openssl client and command line options to > connect to a test server and see if it handshakes and negotiates protocol > successfully. > Without THRIFT-3165 implemented, it will ensure: > * Can handshake using the universal SSLv23 context. > ** however cannot negotiate SSLv2 or SSLv3 > * Can negotiate TLSv1.0 or later -- This message was sent by Atlassian JIRA (v6.3.15#6346)