Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-6418

Find a reliable way to detect supported TLS versions

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Impala 2.12.0
    • Component/s: Security
    • Labels:

      Description

      The problem in brief is that when we build against an older version of OpenSSL and run against a higher version of OpenSSL, the SSLeay() function (which is supposed to return the runtime version of OpenSSL), returns the compile time version of OpenSSL instead of the version that it's actually running against.

      Due to this, our version compatibility checking code doesn't allow us to use TLSv1.2 on certain platforms (specifically RHEL when it's built against OpenSSL 1.0.0 and run on a CentOS system with OpenSSL 1.0.1 or above).

      This was filed as a bug against RHEL:
      https://bugzilla.redhat.com/show_bug.cgi?id=1497859

        Attachments

          Activity

            People

            • Assignee:
              sailesh Sailesh Mukil
              Reporter:
              sailesh Sailesh Mukil
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: