[ https://issues.apache.org/jira/browse/MESOS-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16829733#comment-16829733 ]
Benno Evers commented on MESOS-9730: ------------------------------------ {noformat} commit 4fa4f77549b43285cac974111a5a3f28828a19d8 Author: Stéphane Cottin <stephane.cot...@vixns.com> Date: Mon Apr 29 13:28:06 2019 +0200 Documented LIBPROCESS_SSL_ENABLE_TLS_V1_3. Updated documentation about `LIBPROCESS_SSL_ENABLE_TLS_V1_3` and TLS1.3. Review: https://reviews.apache.org/r/70563/ commit 712ee298800e257050d01b69abeaf3c4bc7d12ee Author: Stéphane Cottin <stephane.cot...@vixns.com> Date: Mon Apr 29 13:27:04 2019 +0200 Added LIBPROCESS_SSL_ENABLE_TLS_V1_3 environment variable. When building mesos with libopenssl >= 1.1.1, TLS1.3 is enabled by default. This causes major communication issues between executors and agents. This patch adds a new `LIBPROCESS_SSL_ENABLE_TLS_V1_3` env var, disabled by default. It should be changed to enabled by default when full openssl >= 1.1 support will land. Review: https://reviews.apache.org/r/70562/ {noformat} Also backported the patches to 1.8.x branch. > Executors cannot reconnect with agents using TLS1.3 > --------------------------------------------------- > > Key: MESOS-9730 > URL: https://issues.apache.org/jira/browse/MESOS-9730 > Project: Mesos > Issue Type: Bug > Components: libprocess > Affects Versions: 1.8.0 > Reporter: Stéphane Cottin > Assignee: Stéphane Cottin > Priority: Major > Labels: integration, ssl > > TLS 1.3 support is enabled by default from openssl >= 1.1.0 > Executors do not reconnect with agents after restart when using TLS 1.3, and > I guess this should also affect master/slave communication. > suggested action : > add a `LIBPROCESS_SSL_ENABLE_TLS_V1_3` environment variable with a `false` > default, and apply `SSL_OP_NO_TLSv1_3` ssl option when building with openssl > >= 1.1.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)