Benno Evers created MESOS-9797:
----------------------------------
Summary: SSL Ciphersuite settings can break client TLS handshake
Key: MESOS-9797
URL: https://issues.apache.org/jira/browse/MESOS-9797
Project: Mesos
Issue Type: Improvement
Environment: Ubuntu 18.04 w/ OpenSSL 1.1.0g
Reporter: Benno Evers
Starting a mesos-agent with the following environment variables:
{noformat}
env GLOG_v=2 LIBPROCESS_SSL_ENABLED=true LIBPROCESS_SSL_ENABLE_DOWNGRADE=false \
  LIBPROCESS_SSL_VERIFY_CERT=false \
  LIBPROCESS_SSL_CERT_FILE=/etc/ssl/certs/ssl-cert-snakeoil.pem \
  LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/ssl-cert-snakeoil.key \
  LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA mesos-agent \
  --work_dir=/tmp/xxxx --master=127.0.1.1:4447 --systemd_enable_support=false
{noformat}
caused a mesos-agent on my machine (using OpenSSL 1.1.0g) to fail to send a
ClientHello message after establishing a TCP connection to the given master,
causing the TLS handshake to fail.
Removing the `LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA` variable allowed
the agent to connect normally.
The reason for this still needs to be investigated.