-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60913/
-----------------------------------------------------------

(Updated July 17, 2017, 5:31 p.m.)


Review request for mesos, Jie Yu and Till Toenshoff.


Bugs: MESOS-7792
    https://issues.apache.org/jira/browse/MESOS-7792


Repository: mesos


Description
-------

Support for the Elliptic Curve Diffie-Hellman algorithm requires extra
configuration parameters which weren't part of Mesos.

This patch enables the extra configuration in Mesos in order to
support the ECDH algorithm. It also adds the SSL flag
`LIBPROCESS_SSL_ECDH_CURVES`, which allows for the specification of
a specific elliptic curve.


Diffs
-----

  3rdparty/libprocess/include/process/ssl/flags.hpp 13fa7a0cc9d6d6d6849976a3ce383263c51504d7
  3rdparty/libprocess/src/openssl.cpp e6f17e4591f573186e1dc9697e1e7b60a841fe4f


Diff: https://reviews.apache.org/r/60913/diff/2/


Testing (updated)
-------

Launched Mesos with only ECDHE handshake ciphers enabled, then reached Mesos
with different browsers and command line tools.

```shell
LIBPROCESS_SSL_ENABLED=1 \
LIBPROCESS_SSL_KEY_FILE=/tmp/ssl/self-signed.key \
LIBPROCESS_SSL_CERT_FILE=/tmp/ssl/self-signed.crt \
LIBPROCESS_SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA" \
./bin/mesos-master.sh \
    --work_dir=/tmp/mesos/master \
    --log_dir=/tmp/mesos/master/log
```

Unit test coming.


Thanks,

Alexander Rojas
