You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Anton Gozhiy (Jira)" <ji...@apache.org> on 2020/03/17 17:57:00 UTC

[jira] [Created] (DRILL-7647) Drill Web server doesn't work with TLS protocol version 1.1

Anton Gozhiy created DRILL-7647:
-----------------------------------

             Summary: Drill Web server doesn't work with TLS protocol version 1.1
                 Key: DRILL-7647
                 URL: https://issues.apache.org/jira/browse/DRILL-7647
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.18.0
            Reporter: Anton Gozhiy


*Prerequisites:*
# Set the following config options:
* drill.exec.http.ssl_enabled: true
* drill.exec.ssl.protocol: "*TLSv1.1*"
* Also:
** drill.exec.ssl.trustStorePath
** drill.exec.ssl.trustStorePassword
** drill.exec.ssl.keyStorePath
** keyStorePassword
* Or, if on MapR platform: 
** drill.exec.ssl.useMapRSSLConfig: true

*Steps:*
# Start Drill
# Try to open the Web UI
# Try to connect by an ssl client:
{noformat}
openssl s_client -connect node1.cluster.com:8047 -tls1_1
{noformat}

*Expected result:*
It should accept protocol version v1.1

*Actual results:*
* Cannot open the Web UI:
{noformat}
This site can't provide a secure connection
node1.cluster.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
{noformat}
* Openssl client fails to connect using either v1.1 or v1.2 protocols.
{noformat}
$ openssl s_client -connect node1.cluster.com:8047 -tls1_1
CONNECTED(00000003)
140310139057816:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140310139057816:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1584457371
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
{noformat}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)