Benno Evers created MESOS-9797:
----------------------------------

             Summary: SSL Ciphersuite settings can break client TLS handshake
                 Key: MESOS-9797
                 URL: https://issues.apache.org/jira/browse/MESOS-9797
             Project: Mesos
          Issue Type: Improvement
         Environment: Ubuntu 18.04 w/ OpenSSL 1.1.0g
            Reporter: Benno Evers

Starting a mesos-agent with the following environment variables:

{noformat}
env GLOG_v=2 \
    LIBPROCESS_SSL_ENABLED=true \
    LIBPROCESS_SSL_ENABLE_DOWNGRADE=false \
    LIBPROCESS_SSL_VERIFY_CERT=false \
    LIBPROCESS_SSL_CERT_FILE=/etc/ssl/certs/ssl-cert-snakeoil.pem \
    LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/ssl-cert-snakeoil.key \
    LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA \
    mesos-agent --work_dir=/tmp/xxxx --master=127.0.1.1:4447 --systemd_enable_support=false
{noformat}

caused a mesos-agent on my machine (using OpenSSL 1.1.0g) to fail to send a ClientHello message after establishing a TCP connection to the given master, causing the TLS handshake to fail.

Removing the `LIBPROCESS_SSL_CIPHERS=ECDHE-PSK-AES128-CBC-SHA` variable had the agent able to connect normally.

The reason for this still needs to be investigated.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)