[
https://issues.apache.org/jira/browse/KUDU-2871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868839#comment-16868839
]
Alexey Serbin commented on KUDU-2871:
-------------------------------------
The temporary fix of pegging max TLS version to TLSv1.2 has been submitted into
the main trunk and branch-1.10.x of the Kudu git repo:
* https://github.com/apache/kudu/commit/efc3f372e8b9254ab6b65d1f884381016329611c
* https://github.com/apache/kudu/commit/86a0dc29fcfd3b6fd2eb8089839e0379b8dd62f4
> TLS 1.3 not supported by krpc
> -----------------------------
>
> Key: KUDU-2871
> URL: https://issues.apache.org/jira/browse/KUDU-2871
> Project: Kudu
> Issue Type: Bug
> Components: master, rpc, security, tserver
> Affects Versions: 1.8.0, 1.9.0, 1.9.1
> Reporter: Todd Lipcon
> Priority: Major
>
> The TLS negotiation in our RPC protocol assumes a whole number of round trips
> between client and server. For TLS 1.3, the exchange has 1.5 round trips (the
> client is the last sender rather than the server) which breaks negotiation.
> Most tests thus fail with OpenSSL 1.1.1.
> We should temporarily disable TLS 1.3 and then fix RPC to support this.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
