Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2871

TLS 1.3 not supported by krpc

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.8.0, 1.9.0, 1.9.1
    • Fix Version/s: None
    • Component/s: master, rpc, security, tserver
    • Labels:
      None

      Description

      The TLS negotiation in our RPC protocol assumes a whole number of round trips between client and server. For TLS 1.3, the exchange has 1.5 round trips (the client is the last sender rather than the server) which breaks negotiation. Most tests thus fail with OpenSSL 1.1.1.

      We should temporarily disable TLS 1.3 and then fix RPC to support this.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tlipcon Todd Lipcon
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: