[
https://issues.apache.org/jira/browse/MESOS-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818404#comment-16818404
]
Stéphane Cottin commented on MESOS-9730:
----------------------------------------
Many stable linux distributions have OpenSSL 1.1.x (Debian >= stretch, Ubuntu
>= bionic and others )
Silently set the SSL_OP_NO_TLSv1_3 option if defined is a few lines change with
no side effect which can help a lot of users.
This could/should also be backported to older versions.
The final goal is to fully support [OpenSSL
1.1.x|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes] and
[TLS1.3|https://wiki.openssl.org/index.php/TLS1.3]
> Executors cannot reconnect with agents using TLS1.3
> ---------------------------------------------------
>
> Key: MESOS-9730
> URL: https://issues.apache.org/jira/browse/MESOS-9730
> Project: Mesos
> Issue Type: Bug
> Components: libprocess
> Affects Versions: 1.8.0
> Reporter: Stéphane Cottin
> Priority: Major
> Labels: integration, ssl
>
> TLS 1.3 support is enabled by default from openssl >= 1.1.0
> Executors do not reconnect with agents after restart when using TLS 1.3, and
> I guess this should also affect master/slave communication.
> suggested action :
> add a `LIBPROCESS_SSL_ENABLE_TLS_V1_3` environment variable with a `false`
> default, and apply `SSL_OP_NO_TLSv1_3` ssl option when building with openssl
> >= 1.1.0
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
