[
https://issues.apache.org/jira/browse/MESOS-9810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867726#comment-16867726
]
Benno Evers commented on MESOS-9810:
------------------------------------
Review: https://reviews.apache.org/r/70748/
> Reject certificate-less ciphers when certificate verification is enabled
> ------------------------------------------------------------------------
>
> Key: MESOS-9810
> URL: https://issues.apache.org/jira/browse/MESOS-9810
> Project: Mesos
> Issue Type: Task
> Reporter: Benno Evers
> Priority: Major
> Labels: foundations
>
> A TLS server is required by the spec to always send a server certificate,
> unless an anonymous cipher is used.
> In libprocess, this certificate is verified to be valid and trusted when the
> flag LIBPROCESS_VERIFY_CERT is set to true.
> However, when an anonymous cipher is used, the server does not present a
> certificate, meaning the verification step will not happen. If a TLS server
> would be allowed to use such a cipher, it could trivially sidestep the
> security provided by certificate verification.
> Therefore, we should always reject connections using anonymous ciphers when
> certificate verification is enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
