[
https://issues.apache.org/jira/browse/KUDU-2871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868323#comment-16868323
]
Alexey Serbin commented on KUDU-2871:
-------------------------------------
Some useful info on TLSv1.3 w.r.t. what it entails for ciphers, ABI
compatibility, etc: https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
> TLS 1.3 not supported by krpc
> -----------------------------
>
> Key: KUDU-2871
> URL: https://issues.apache.org/jira/browse/KUDU-2871
> Project: Kudu
> Issue Type: Bug
> Components: rpc, security
> Reporter: Todd Lipcon
> Priority: Major
>
> The TLS negotiation in our RPC protocol assumes a whole number of round trips
> between client and server. For TLS 1.3, the exchange has 1.5 round trips (the
> client is the last sender rather than the server) which breaks negotiation.
> Most tests thus fail with OpenSSL 1.1.1.
> We should temporarily disable TLS 1.3 and then fix RPC to support this.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
