Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2871

TLS 1.3 not supported by krpc

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.8.0, 1.9.0, 1.9.1
    • 1.15.0
    • master, rpc, security, tserver
    • None

    Description

      The TLS negotiation in our RPC protocol assumes a whole number of round trips between client and server. For TLS 1.3, the exchange has 1.5 round trips (the client is the last sender rather than the server) which breaks negotiation. Most tests thus fail with OpenSSL 1.1.1.

      We should temporarily disable TLS 1.3 and then fix RPC to support this.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            aserbin Alexey Serbin
            tlipcon Todd Lipcon
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment