Back to bug 1333415
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jaroslav Suchanek | 2016-05-18 11:55:01 UTC | Status | NEW | ASSIGNED |
| Assignee | libvirt-maint | jtomko | ||
| Ján Tomko | 2016-05-19 11:58:41 UTC | Component | libvirt | gnutls |
| Assignee | jtomko | nmavrogi | ||
| Summary | libvirtd allows SSLv3 connections and poor ciphers | gnutls_set_default_priority allows SSLv3 connections and poor ciphers | ||
| QA Contact | virt-bugs | qe-baseos-security | ||
| Nikos Mavrogiannopoulos | 2016-05-24 12:18:46 UTC | Component | gnutls | libvirt |
| Assignee | nmavrogi | libvirt-maint | ||
| Summary | gnutls_set_default_priority allows SSLv3 connections and poor ciphers | libvirtd allows SSLv3 connections and poor ciphers | ||
| QA Contact | qe-baseos-security | virt-bugs | ||
| Nikos Mavrogiannopoulos | 2016-05-24 12:19:12 UTC | Blocks | 1339222 | |
| Jaroslav Suchanek | 2016-05-30 13:13:57 UTC | Status | ASSIGNED | CLOSED |
| CC | jsuchane | |||
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-05-30 09:13:57 UTC | |||
| Miroslav Grepl | 2016-06-13 07:55:49 UTC | Blocks | 1343211 | |
| Daniel Berrangé | 2016-06-13 09:01:21 UTC | Status | CLOSED | NEW |
| CC | berrange | |||
| Resolution | WONTFIX | --- | ||
| Keywords | Reopened | |||
| Jaroslav Suchanek | 2016-06-16 13:32:22 UTC | Status | NEW | ASSIGNED |
| Assignee | libvirt-maint | jtomko | ||
| Chris Williams | 2016-07-14 15:26:24 UTC | Blocks | 1269194 | |
| yalzhang | 2016-07-29 01:26:11 UTC | Blocks | 1359965 | |
| Amnon Ilan | 2016-08-16 11:10:51 UTC | Blocks | 1364808 | |
| Amnon Ilan | 2016-08-16 11:11:41 UTC | CC | ailan | |
| yalzhang | 2016-08-18 03:42:25 UTC | CC | yalzhang | |
| Ján Tomko | 2016-09-27 11:48:08 UTC | Status | ASSIGNED | POST |
| Jiri Denemark | 2016-10-13 09:20:00 UTC | Status | POST | MODIFIED |
| Fixed In Version | libvirt-0.10.2-61.el6 | |||
| errata-xmlrpc | 2016-10-13 09:23:36 UTC | Status | MODIFIED | ON_QA |
| Xuesong Zhang | 2016-10-25 12:34:48 UTC | CC | xuzhang | |
| QA Contact | virt-bugs | yafu | ||
| yafu | 2016-11-08 09:39:38 UTC | Status | ON_QA | VERIFIED |
| yafu | 2016-11-14 05:06:46 UTC | CC | yafu | |
| Lenka Špačková | 2016-12-06 15:34:22 UTC | Docs Contact | jherrman | |
| Jiri Herrmann | 2016-12-07 15:04:29 UTC | CC | jtomko | |
| Flags | needinfo?(jtomko) | |||
| Ján Tomko | 2016-12-12 16:16:02 UTC | Doc Text | Cause: Libvirt was depending on gnutls's hardcoded cipher defaults. Consequence: It was not possible to forbid weak ciphers. Fix: Introduce a config option in libvirtd.conf and libvirt.conf as well as the tls_priority to libvirt URIs. Result: The list of used ciphers can be customized to exclude weak ciphers. | |
| Flags | needinfo?(jtomko) | |||
| Yehuda Zimmerman | 2016-12-27 12:05:33 UTC | Doc Text | Cause: Libvirt was depending on gnutls's hardcoded cipher defaults. Consequence: It was not possible to forbid weak ciphers. Fix: Introduce a config option in libvirtd.conf and libvirt.conf as well as the tls_priority to libvirt URIs. Result: The list of used ciphers can be customized to exclude weak ciphers. | Configuration options can be used to exclude weak ciphers Previously, _libvirt_ depended on the hard-coded cipher defaults in _gnutl_. This made it possible to use weak ciphers. With this update, configuration options were added to `libvirtd.conf` and `libvirt.conf` that can exclude weak ciphers. In addition, TLS priority support was added to _libvirt_ URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. |
| Flags | needinfo?(jtomko) | |||
| Yehuda Zimmerman | 2016-12-27 12:07:00 UTC | Flags | needinfo?(jtomko) | |
| Yehuda Zimmerman | 2017-01-02 10:01:49 UTC | Docs Contact | jherrman | yzimmerm |
| Ján Tomko | 2017-01-09 13:38:26 UTC | Doc Text | Configuration options can be used to exclude weak ciphers Previously, _libvirt_ depended on the hard-coded cipher defaults in _gnutl_. This made it possible to use weak ciphers. With this update, configuration options were added to `libvirtd.conf` and `libvirt.conf` that can exclude weak ciphers. In addition, TLS priority support was added to _libvirt_ URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. | Configuration options can be used to exclude weak ciphers Previously, _libvirt_ depended on the hard-coded cipher defaults in _gnutls_. This made it possible to use weak ciphers. With this update, configuration options were added to `libvirtd.conf` and `libvirt.conf` that can exclude weak ciphers. In addition, TLS priority support was added to _libvirt_ URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. |
| Flags | needinfo?(jtomko) needinfo?(jtomko) | |||
| Yehuda Zimmerman | 2017-01-11 08:48:13 UTC | Doc Text | Configuration options can be used to exclude weak ciphers Previously, _libvirt_ depended on the hard-coded cipher defaults in _gnutls_. This made it possible to use weak ciphers. With this update, configuration options were added to `libvirtd.conf` and `libvirt.conf` that can exclude weak ciphers. In addition, TLS priority support was added to _libvirt_ URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. | Configuration options can be used to exclude weak ciphers Previously, _libvirt_ depended on the hard-coded cipher defaults in *GnuTLS*. This made it possible to use weak ciphers. With this update, configuration options to exclude weak ciphers have been added to the `libvirtd.conf` and `libvirt.conf` files. In addition, *TLS* priority support was added to _libvirt_ URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. |
| Yehuda Zimmerman | 2017-02-08 14:52:17 UTC | Doc Type | Bug Fix | Enhancement |
| errata-xmlrpc | 2017-03-21 01:04:37 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-03-21 10:39:08 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-30 09:13:57 UTC | 2017-03-21 06:39:08 UTC |
Back to bug 1333415