[ https://issues.apache.org/jira/browse/KUDU-2871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868323#comment-16868323 ]
Alexey Serbin commented on KUDU-2871: ------------------------------------- Some useful info on TLSv1.3 w.r.t. what it entails for ciphers, ABI compatibility, etc: https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ > TLS 1.3 not supported by krpc > ----------------------------- > > Key: KUDU-2871 > URL: https://issues.apache.org/jira/browse/KUDU-2871 > Project: Kudu > Issue Type: Bug > Components: rpc, security > Reporter: Todd Lipcon > Priority: Major > > The TLS negotiation in our RPC protocol assumes a whole number of round trips > between client and server. For TLS 1.3, the exchange has 1.5 round trips (the > client is the last sender rather than the server) which breaks negotiation. > Most tests thus fail with OpenSSL 1.1.1. > We should temporarily disable TLS 1.3 and then fix RPC to support this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)