Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/05/27 10:24:00 UTC
[jira] [Created] (MESOS-9797) SSL Ciphersuite settings can break client TLS handshake
Benno Evers created MESOS-9797:
----------------------------------
Summary: SSL Ciphersuite settings can break client TLS handshake
Key: MESOS-9797
URL: https://issues.apache.org/jira/browse/MESOS-9797
Project: Mesos
Issue Type: Improvement
Environment: Ubuntu 18.04 w/ OpenSSL 1.1.0g
Reporter: Benno Evers
Starting a mesos-agent with the following environment variables:
{noformat}
env GLOG_v=2 \
    LIBPROCESS_SSL_ENABLED=true \
    LIBPROCESS_SSL_ENABLE_DOWNGRADE=false \
    LIBPROCESS_SSL_VERIFY_CERT=false \
    LIBPROCESS_SSL_CERT_FILE=/etc/ssl/certs/ssl-cert-snakeoil.pem \
    LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/ssl-cert-snakeoil.key \
    LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA \
    mesos-agent --work_dir=/tmp/xxxx --master=127.0.1.1:4447 --systemd_enable_support=false
{noformat}
caused a mesos-agent on my machine (using OpenSSL 1.1.0g) to fail to send a ClientHello message after establishing a TCP connection to the given master, causing the TLS handshake to fail.
Removing the `LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA` variable allowed the agent to connect normally.
The reason for this still needs to be investigated.
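A pre-deployment check for a `LIBPROCESS_SSL_CIPHERS` value, added here as an example and not part of the original report or of Mesos: it expands the cipher string with the local OpenSSL (through Python's `ssl` module) and reports whether any selected suite authenticates with a certificate, which is what `LIBPROCESS_SSL_CERT_FILE` and `LIBPROCESS_SSL_KEY_FILE` supply. The function names `expand` and `audit` are hypothetical, and the check does not establish the cause of the behaviour reported above.

```python
import ssl
import sys

# Authentication labels (OpenSSL long names, as returned by Python's
# SSLContext.get_ciphers()) for suites that rely on an X.509 certificate.
# Assumption of this example: GOST suites are not in use and are not listed.
CERT_AUTH = {"auth-rsa", "auth-ecdsa", "auth-dss"}


def expand(cipher_string):
    """Return the TLS <= 1.2 suites the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # OpenSSL could not select any suite for this string
    # TLS 1.3 suites are configured separately from the cipher string and
    # may be listed regardless of it, so leave them out of the audit.
    return [c for c in ctx.get_ciphers() if c.get("protocol") != "TLSv1.3"]


def audit(suites):
    """Split suites into certificate-authenticated names and all others."""
    cert, other = [], []
    for suite in suites:
        target = cert if suite.get("auth") in CERT_AUTH else other
        target.append(suite["name"])
    return {"cert": cert, "other": other, "usable_with_cert": bool(cert)}


if __name__ == "__main__":
    # Default to the cipher string from the report when no argument is given.
    value = sys.argv[1] if len(sys.argv) > 1 else "ECDHE-PSK-AES128-CBC-SHA"
    result = audit(expand(value))
    print(value, result)
    # Non-zero exit lets a deployment script reject the setting.
    sys.exit(0 if result["usable_with_cert"] else 1)
```

Run it with the intended cipher string as its only argument on the host that will run the agent, since the result depends on that host's OpenSSL build.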