You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/06/03 22:56:00 UTC

[jira] [Created] (MESOS-9810) Reject certificate-less ciphers when certificate verification is enabled

Benno Evers created MESOS-9810:
----------------------------------

             Summary: Reject certificate-less ciphers when certificate verification is enabled
                 Key: MESOS-9810
                 URL: https://issues.apache.org/jira/browse/MESOS-9810
             Project: Mesos
          Issue Type: Task
            Reporter: Benno Evers


A TLS server is required by the spec to always send a server certificate, unless an anonymous cipher is used.

In libprocess, this certificate is verified to be valid and trusted when the flag LIBPROCESS_VERIFY_CERT is set to true.

However, when an anonymous cipher is used, the server does not present a certificate, meaning the verification step will not happen. If a TLS server would be allowed to use such a cipher, it could trivially sidestep the security provided by certificate verification.

Therefore, we should always reject connections using anonymous ciphers when certificate verification is enabled.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)