You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Anton Gozhiy (Jira)" <ji...@apache.org> on 2020/03/20 11:30:00 UTC
[jira] [Closed] (DRILL-7647) Drill Web server doesn't work with TLS
protocol version 1.1
[ https://issues.apache.org/jira/browse/DRILL-7647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anton Gozhiy closed DRILL-7647.
-------------------------------
> Drill Web server doesn't work with TLS protocol version 1.1
> -----------------------------------------------------------
>
> Key: DRILL-7647
> URL: https://issues.apache.org/jira/browse/DRILL-7647
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.18.0
> Reporter: Anton Gozhiy
> Assignee: Igor Guzenko
> Priority: Major
>
> *Prerequisites:*
> # Set the following config options:
> * drill.exec.http.ssl_enabled: true
> * drill.exec.ssl.protocol: "*TLSv1.1*"
> * Also:
> ** drill.exec.ssl.trustStorePath
> ** drill.exec.ssl.trustStorePassword
> ** drill.exec.ssl.keyStorePath
> ** keyStorePassword
> * Or, if on MapR platform:
> ** drill.exec.ssl.useMapRSSLConfig: true
> *Steps:*
> # Start Drill
> # Try to open the Web UI
> # Try to connect by an ssl client:
> {noformat}
> openssl s_client -connect node1.cluster.com:8047 -tls1_1
> {noformat}
> *Expected result:*
> It should accept protocol version v1.1
> *Actual results:*
> * Cannot open the Web UI:
> {noformat}
> This site can't provide a secure connection
> node1.cluster.com uses an unsupported protocol.
> ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> {noformat}
> * Openssl client fails to connect using either v1.1 or v1.2 protocols.
> {noformat}
> $ openssl s_client -connect node1.cluster.com:8047 -tls1_1
> CONNECTED(00000003)
> 140310139057816:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
> 140310139057816:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 0 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol : TLSv1.1
> Cipher : 0000
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> Key-Arg : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1584457371
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> ---
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)