You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/06/19 14:49:01 UTC

[jira] [Commented] (MESOS-9810) Reject certificate-less ciphers when certificate verification is enabled

    [ https://issues.apache.org/jira/browse/MESOS-9810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867726#comment-16867726 ] 

Benno Evers commented on MESOS-9810:
------------------------------------

Review: https://reviews.apache.org/r/70748/

> Reject certificate-less ciphers when certificate verification is enabled
> ------------------------------------------------------------------------
>
>                 Key: MESOS-9810
>                 URL: https://issues.apache.org/jira/browse/MESOS-9810
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Benno Evers
>            Priority: Major
>              Labels: foundations
>
> A TLS server is required by the spec to always send a server certificate, unless an anonymous cipher is used.
> In libprocess, this certificate is verified to be valid and trusted when the flag LIBPROCESS_VERIFY_CERT is set to true.
> However, when an anonymous cipher is used, the server does not present a certificate, meaning the verification step will not happen. If a TLS server would be allowed to use such a cipher, it could trivially sidestep the security provided by certificate verification.
> Therefore, we should always reject connections using anonymous ciphers when certificate verification is enabled.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)