[ https://issues.apache.org/jira/browse/MESOS-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818404#comment-16818404 ]
Stéphane Cottin commented on MESOS-9730: ---------------------------------------- Many stable linux distributions have OpenSSL 1.1.x (Debian >= stretch, Ubuntu >= bionic and others ) Silently set the SSL_OP_NO_TLSv1_3 option if defined is a few lines change with no side effect which can help a lot of users. This could/should also be backported to older versions. The final goal is to fully support [OpenSSL 1.1.x|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes] and [TLS1.3|https://wiki.openssl.org/index.php/TLS1.3] > Executors cannot reconnect with agents using TLS1.3 > --------------------------------------------------- > > Key: MESOS-9730 > URL: https://issues.apache.org/jira/browse/MESOS-9730 > Project: Mesos > Issue Type: Bug > Components: libprocess > Affects Versions: 1.8.0 > Reporter: Stéphane Cottin > Priority: Major > Labels: integration, ssl > > TLS 1.3 support is enabled by default from openssl >= 1.1.0 > Executors do not reconnect with agents after restart when using TLS 1.3, and > I guess this should also affect master/slave communication. > suggested action : > add a `LIBPROCESS_SSL_ENABLE_TLS_V1_3` environment variable with a `false` > default, and apply `SSL_OP_NO_TLSv1_3` ssl option when building with openssl > >= 1.1.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)