Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/05/27 10:24:00 UTC

[jira] [Created] (MESOS-9797) SSL Ciphersuite settings can break client TLS handshake

Benno Evers created MESOS-9797:
----------------------------------

             Summary: SSL Ciphersuite settings can break client TLS handshake
                 Key: MESOS-9797
                 URL: https://issues.apache.org/jira/browse/MESOS-9797
             Project: Mesos
          Issue Type: Improvement
         Environment: Ubuntu 18.04 w/ OpenSSL 1.1.0g
            Reporter: Benno Evers


Starting a mesos-agent with the following environment variables:

{noformat}
env GLOG_v=2 LIBPROCESS_SSL_ENABLED=true LIBPROCESS_SSL_ENABLE_DOWNGRADE=false LIBPROCESS_SSL_VERIFY_CERT=false LIBPROCESS_SSL_CERT_FILE=/etc/ssl/certs/ssl-cert-snakeoil.pem LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/ssl-cert-snakeoil.key LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA mesos-agent --work_dir=/tmp/xxxx --master=127.0.1.1:4447 --systemd_enable_support=false
{noformat}

caused a mesos-agent on my machine (using OpenSSL 1.1.0g) to fail to send a ClientHello message after establishing a TCP connection to the given master, causing the TLS handshake to fail.

Removing the `LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA` variable allowed the agent to connect normally.

The reason for this still needs to be investigated.



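An added preflight check, not part of the original report or of Mesos: it parses the output of `openssl ciphers -v "$LIBPROCESS_SSL_CIPHERS"` and separates suites that authenticate with a certificate from those that do not, such as the PSK suite in the command above, which is configured alongside a certificate and key file. The sample output lines and all function names are constructed for illustration; the report does not establish that this mismatch is the cause of the failure.

```python
import re

# Au= values that a certificate/key pair can satisfy; TLS 1.3 suites print Au=any.
# Assumption: this covers the common cases; extend it for other certificate types.
CERT_AUTH = {"RSA", "ECDSA", "DSS", "any"}
FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")

# Constructed samples in the format printed by `openssl ciphers -v <cipher string>`.
PSK_ONLY = "ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1\n"
MIXED = PSK_ONLY + (
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD\n"
)


def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` output into a list of per-suite dicts."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        fields = dict(FIELD.findall(line))
        if len(parts) < 2 or "Au" not in fields:
            continue  # blank or unrecognised line
        suites.append({"name": parts[0], "protocol": parts[1], **fields})
    return suites


def audit_for_cert_handshake(text):
    """Report which expanded suites can be used with a certificate and key file."""
    suites = parse_ciphers_v(text)
    usable = [s["name"] for s in suites if s["Au"] in CERT_AUTH]
    non_cert = [(s["name"], s["Au"]) for s in suites if s["Au"] not in CERT_AUTH]
    # ok is False when no configured suite uses certificate authentication.
    return {"usable": usable, "non_cert": non_cert, "ok": bool(usable)}


if __name__ == "__main__":
    for label, sample in (("PSK only", PSK_ONLY), ("mixed", MIXED)):
        print(label, audit_for_cert_handshake(sample))
```
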