[ https://issues.apache.org/jira/browse/IGNITE-15337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476898#comment-17476898 ]
Igor Sapego commented on IGNITE-15337:
--------------------------------------
I've got to the root of the issue, and this seems to be a server-side issue.
In short, in TLS 1.3, unlike TLS 1.2, the client considers the handshake complete
when the server has not yet completed configuring ciphers. This may cause (and causes)
situations when the client sends application layer data to the server alongside the
ChangeCipherSpec message. But on the server side we do not consider this
possibility and do not process any data in the receive buffer after the handshake is
complete, even if it's not empty.
P.S. Changing ticket summary accordingly and adding patch.
> CPP: ODBC ssl tests randomly fails on openssl 1.1.1f
> ----------------------------------------------------
>
> Key: IGNITE-15337
> URL: https://issues.apache.org/jira/browse/IGNITE-15337
> Project: Ignite
> Issue Type: Bug
> Reporter: Ivan Daschinsky
> Priority: Major
> Attachments: debug_ssl.patch, odbc-trace.log, python_tls_1_3.patch,
> test.log
>
>
> ODBC ssl tests randomly (ubuntu 20.04) or constantly (win 10) fail on
> openssl 1.1.1k with failed handshake.
> On openssl without tls 1.3 support all works flawlessly.
> WA: disable TLS 1.3 on ignite side
> {code}
> -Djdk.tls.server.protocols=TLSv1.2
> {code}
> It would also be great to implement an ability to set the TLS version on C++;
> nowadays the default one is chosen.
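A simplified model of the server-side behaviour described in the comment above, as an added example that is not part of the original message or of Ignite's code: one read delivers the end of the client's handshake together with its first application data, and the server either stops at "handshake complete" or keeps draining its receive buffer. `ToyServer`, `record`, `client_flight` and the payloads are hypothetical; there is no cryptography, and the client's Finished is modelled as a plain handshake record.

```python
import struct
# TLS record content types (RFC 8446, section 5.1)
CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23

def record(ctype, payload):
    """Frame a payload as a TLS record: type(1) | legacy_version(2) | length(2)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

class ToyServer:
    """Hypothetical server model: record framing only, no cryptography."""
    def __init__(self, drain_after_handshake):
        self.drain = drain_after_handshake
        self.buf = bytearray()
        self.handshake_done = False
        self.app_data = []

    def _next_record(self):
        if len(self.buf) < 5:
            return None
        ctype, _, length = struct.unpack("!BHH", self.buf[:5])
        if len(self.buf) < 5 + length:
            return None  # partial record: wait for more bytes
        payload = bytes(self.buf[5:5 + length])
        del self.buf[:5 + length]
        return ctype, payload

    def on_readable(self, data):
        """Called once per socket read event with whatever bytes arrived."""
        self.buf += data
        while (rec := self._next_record()) is not None:
            ctype, payload = rec
            if not self.handshake_done:
                if ctype == HANDSHAKE and payload == b"finished":
                    self.handshake_done = True
                    if not self.drain:
                        return  # bug: leftover bytes wait for a read event that may never come
            elif ctype == APPLICATION_DATA:
                self.app_data.append(payload)

def client_flight():
    """Constructed sample: what a single read from the client may carry."""
    return (record(CHANGE_CIPHER_SPEC, b"\x01")
            + record(HANDSHAKE, b"finished")
            + record(APPLICATION_DATA, b"odbc handshake request"))

def run(drain):
    """Feed the flight in one read; return (handshake_done, app_data, bytes left unprocessed)."""
    srv = ToyServer(drain)
    srv.on_readable(client_flight())
    return srv.handshake_done, srv.app_data, len(srv.buf)
```

With `run(False)` the handshake completes but the request stays stranded in the buffer, so a client waiting for a reply and a server waiting for a new read event block each other; `run(True)` delivers the request in the same read.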