You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ilya Kasnacheev (Jira)" <ji...@apache.org> on 2020/05/29 09:18:00 UTC
[jira] [Commented] (IGNITE-11298) TcpCommunicationSpi does not
support TLSv1.3
[ https://issues.apache.org/jira/browse/IGNITE-11298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17119425#comment-17119425 ]
Ilya Kasnacheev commented on IGNITE-11298:
------------------------------------------
From SO:
Your fix only covers the case where the NewSessionTicket message immediately follows the incoming Finished message. It can come in at any time after that. See RFC 8446 #4.6. Your engine-handling code should handle this message seamlessly without requiring special cases.
> TcpCommunicationSpi does not support TLSv1.3
> --------------------------------------------
>
> Key: IGNITE-11298
> URL: https://issues.apache.org/jira/browse/IGNITE-11298
> Project: Ignite
> Issue Type: Bug
> Components: general
> Affects Versions: 2.7
> Reporter: Ilya Kasnacheev
> Assignee: Vitaliy Biryukov
> Priority: Major
> Labels: Java11
> Fix For: 2.8
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When started on Java 11 we cannot form a secure cluster - Discovery will happily use the default TLSv1.3 but Communication will fail with its custom SSLEngine-using code.
> Need to fix that.
> Until that, nodes may be salvaged by setProtocol("TLSv1.2") on SslContextFactory, or by system property -Djdk.tls.client.protocols="TLSv1.2"
--
This message was sent by Atlassian Jira
(v8.3.4#803005)