You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "Anton Gozhiy (Jira)" <ji...@apache.org> on 2020/03/17 17:58:00 UTC

[jira] [Assigned] (DRILL-7647) Drill Web server doesn't work with TLS protocol version 1.1

     [ https://issues.apache.org/jira/browse/DRILL-7647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anton Gozhiy reassigned DRILL-7647:
-----------------------------------

    Assignee: Igor Guzenko

> Drill Web server doesn't work with TLS protocol version 1.1
> -----------------------------------------------------------
>
>                 Key: DRILL-7647
>                 URL: https://issues.apache.org/jira/browse/DRILL-7647
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.18.0
>            Reporter: Anton Gozhiy
>            Assignee: Igor Guzenko
>            Priority: Major
>
> *Prerequisites:*
> # Set the following config options:
> * drill.exec.http.ssl_enabled: true
> * drill.exec.ssl.protocol: "*TLSv1.1*"
> * Also:
> ** drill.exec.ssl.trustStorePath
> ** drill.exec.ssl.trustStorePassword
> ** drill.exec.ssl.keyStorePath
> ** keyStorePassword
> * Or, if on MapR platform: 
> ** drill.exec.ssl.useMapRSSLConfig: true
> *Steps:*
> # Start Drill
> # Try to open the Web UI
> # Try to connect by an ssl client:
> {noformat}
> openssl s_client -connect node1.cluster.com:8047 -tls1_1
> {noformat}
> *Expected result:*
> It should accept protocol version v1.1
> *Actual results:*
> * Cannot open the Web UI:
> {noformat}
> This site can't provide a secure connection
> node1.cluster.com uses an unsupported protocol.
> ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> {noformat}
> * Openssl client fails to connect using either v1.1 or v1.2 protocols.
> {noformat}
> $ openssl s_client -connect node1.cluster.com:8047 -tls1_1
> CONNECTED(00000003)
> 140310139057816:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
> 140310139057816:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 0 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.1
>     Cipher    : 0000
>     Session-ID: 
>     Session-ID-ctx: 
>     Master-Key: 
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1584457371
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
> ---
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)