[IMPALA-6418] Find a reliable way to detect supported TLS versions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Impala 2.12.0
Component/s: Security
Labels:
- security

Target Version:

Impala 2.12.0
Epic Color:
ghx-label-2

Description

The problem in brief is that when we build against an older version of OpenSSL and run against a higher version of OpenSSL, the SSLeay() function (which is supposed to return the runtime version of OpenSSL), returns the compile time version of OpenSSL instead of the version that it's actually running against.

Due to this, our version compatibility checking code doesn't allow us to use TLSv1.2 on certain platforms (specifically RHEL when it's built against OpenSSL 1.0.0 and run on a CentOS system with OpenSSL 1.0.1 or above).

This was filed as a bug against RHEL:
https://bugzilla.redhat.com/show_bug.cgi?id=1497859

Attachments

Sub-Tasks

Impala 2.12 Doc: Remove the note about TLS 1.2 from Impala SSL doc

Closed

Alexandra Rodoni

Activity

People

Assignee:: Sailesh Mukil

Reporter:: Sailesh Mukil

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Jan/18 17:22

Updated:: 17/Apr/18 22:50

Resolved:: 23/Jan/18 19:52