James E. King, III created THRIFT-4084: ------------------------------------------
Summary: Improve SSL security in thrift by adding a make cross client that checks to make sure SSLv2 and SSLv3 protocols cannot be negotiated Key: THRIFT-4084 URL: https://issues.apache.org/jira/browse/THRIFT-4084 Project: Thrift Issue Type: Improvement Components: Test Suite Affects Versions: 0.10.0 Environment: Ubuntu Dockerfile Reporter: James E. King, III Assignee: James E. King, III Following code review discussions in THRIFT-3369, and seeing THRIFT-3165 in the backlog, I want to add a make cross "language" which isn't a language at all, but a test that checks to see if it is possible to negotiate at various SSL/TLS protocol versions. This would be a client-only test, likely just a bash script that leverages the openssl client and command line options to connect to a test server and see if it handshakes and negotiates protocol successfully. Without THRIFT-3165 implemented, it will ensure: * Can handshake using the universal SSLv23 context. ** however cannot negotiate SSLv2 or SSLv3 * Can negotiate TLSv1.0 or later -- This message was sent by Atlassian JIRA (v6.3.15#6346)