Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Impyla TLS/SSL issues with newer versions of SSL

Impyla TLS/SSL issues with newer versions of SSL

New Contributor

I apologize if this is a duplicate, but I was unable to find anything on it via searches.  We recently restricted remote access to hive to SSL/TLS with the TLS protocol version being 1.1 or higher (1.2).  This caused our business partners using impyla to have issues.  The erorr we get includes 


We tracked it down and it appears the problem is that impyla, when used with python 2, realies on thrift version 0.9.3 or older. In that version of thrift, in the transport package, is a python class called In that python class the version is hard coded to version 1 with: 




The comments indicate that the calling program could override that version after instantiating an instance of the class, but the impyla code does not do that.


Newer versions of thrift correctly let openssl auto negotiate that version, but impyla won't work with newer versions of thrift without code changes. I was wondering if anyone had solved this in a robust way.  Our solution was to create a python virtual environment and change the code to hard code: 




This feels like a very brittle solution at best.  I opened Case 203382 with Cloudera, but they don't support impyla. Looking to the community for additional ideas.  Thanks,


Don't have an account?
Coming from Hortonworks? Activate your account here