[ https://issues.apache.org/jira/browse/DRILL-7647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anton Gozhiy reassigned DRILL-7647: ----------------------------------- Assignee: Igor Guzenko > Drill Web server doesn't work with TLS protocol version 1.1 > ----------------------------------------------------------- > > Key: DRILL-7647 > URL: https://issues.apache.org/jira/browse/DRILL-7647 > Project: Apache Drill > Issue Type: Bug > Affects Versions: 1.18.0 > Reporter: Anton Gozhiy > Assignee: Igor Guzenko > Priority: Major > > *Prerequisites:* > # Set the following config options: > * drill.exec.http.ssl_enabled: true > * drill.exec.ssl.protocol: "*TLSv1.1*" > * Also: > ** drill.exec.ssl.trustStorePath > ** drill.exec.ssl.trustStorePassword > ** drill.exec.ssl.keyStorePath > ** keyStorePassword > * Or, if on MapR platform: > ** drill.exec.ssl.useMapRSSLConfig: true > *Steps:* > # Start Drill > # Try to open the Web UI > # Try to connect by an ssl client: > {noformat} > openssl s_client -connect node1.cluster.com:8047 -tls1_1 > {noformat} > *Expected result:* > It should accept protocol version v1.1 > *Actual results:* > * Cannot open the Web UI: > {noformat} > This site can't provide a secure connection > node1.cluster.com uses an unsupported protocol. > ERR_SSL_VERSION_OR_CIPHER_MISMATCH > {noformat} > * Openssl client fails to connect using either v1.1 or v1.2 protocols. > {noformat} > $ openssl s_client -connect node1.cluster.com:8047 -tls1_1 > CONNECTED(00000003) > 140310139057816:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert > handshake failure:s3_pkt.c:1487:SSL alert number 40 > 140310139057816:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake > failure:s3_pkt.c:656: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.1 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1584457371 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005)