[ https://issues.apache.org/jira/browse/MESOS-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16829733#comment-16829733 ]

Benno Evers commented on MESOS-9730:
------------------------------------

{noformat}
commit 4fa4f77549b43285cac974111a5a3f28828a19d8
Author: Stéphane Cottin <stephane.cot...@vixns.com>
Date:   Mon Apr 29 13:28:06 2019 +0200

    Documented LIBPROCESS_SSL_ENABLE_TLS_V1_3.
    
    Updated documentation about `LIBPROCESS_SSL_ENABLE_TLS_V1_3` and TLS1.3.
    
    Review: https://reviews.apache.org/r/70563/

commit 712ee298800e257050d01b69abeaf3c4bc7d12ee
Author: Stéphane Cottin <stephane.cot...@vixns.com>
Date:   Mon Apr 29 13:27:04 2019 +0200

    Added LIBPROCESS_SSL_ENABLE_TLS_V1_3 environment variable.
    
    When building mesos with libopenssl >= 1.1.1, TLS1.3 is enabled by
    default. This causes major communication issues between executors
    and agents.
    
    This patch adds a new `LIBPROCESS_SSL_ENABLE_TLS_V1_3` env var,
    disabled by default. It should be changed to enabled by default when
    full openssl >= 1.1 support will land.
    
    Review: https://reviews.apache.org/r/70562/
{noformat}

Also backported the patches to 1.8.x branch.

> Executors cannot reconnect with agents using TLS1.3
> ---------------------------------------------------
>
>                 Key: MESOS-9730
>                 URL: https://issues.apache.org/jira/browse/MESOS-9730
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>    Affects Versions: 1.8.0
>            Reporter: Stéphane Cottin
>            Assignee: Stéphane Cottin
>            Priority: Major
>              Labels: integration, ssl
>
> TLS 1.3 support is enabled by default from openssl >= 1.1.0.
> Executors do not reconnect with agents after restart when using TLS 1.3, and 
> I guess this should also affect master/slave communication.
> Suggested action:
> add a `LIBPROCESS_SSL_ENABLE_TLS_V1_3` environment variable with a `false` 
> default, and apply `SSL_OP_NO_TLSv1_3` ssl option when building with openssl 
> >= 1.1.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
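
The opt-in behaviour proposed in the issue, as an added example that is not code from the Mesos patch: it uses Python's `ssl` module, which exposes the same OpenSSL option as `ssl.OP_NO_TLSv1_3`. The accepted boolean spellings and the helper names are assumptions.

```python
import ssl
import warnings

ENV_VAR = "LIBPROCESS_SSL_ENABLE_TLS_V1_3"  # name taken from the issue

# Assumption: accepted spellings for a boolean value; libprocess's own
# flag parser may accept a different set.
_TRUE = {"1", "true"}
_FALSE = {"0", "false"}


def tls13_enabled(env):
    """Return the opt-in value of ENV_VAR; unset means False (the default)."""
    raw = env.get(ENV_VAR)
    if raw is None:
        return False
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    # Fail closed on typos instead of silently enabling the protocol.
    raise ValueError(f"{ENV_VAR}: expected true/false, got {raw!r}")


def build_context(env):
    """Create a server-side context with TLS 1.3 masked out unless opted in."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if not tls13_enabled(env):
        with warnings.catch_warnings():
            # Newer Python releases prefer maximum_version and warn about
            # OP_NO_* flags; the flag is used because it is what the issue names.
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.options |= ssl.OP_NO_TLSv1_3
    return ctx


def tls13_allowed(ctx):
    """Audit helper: True when the context can still negotiate TLS 1.3."""
    return ssl.HAS_TLSv1_3 and not (ctx.options & ssl.OP_NO_TLSv1_3)


if __name__ == "__main__":
    for env in ({}, {ENV_VAR: "false"}, {ENV_VAR: "true"}):  # constructed inputs
        print(env, "-> TLS 1.3 allowed:", tls13_allowed(build_context(env)))
```
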
