Bug 1174775
| Summary: | rhn tools fail on sslv3 alert handshake failure in FIPS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Ondrej Moriš <omoris> |
| Component: | rhn-client-tools | Assignee: | Tomáš Kašpárek <tkasparek> |
| Status: | CLOSED WONTFIX | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.6 | CC: | ebenes, hkario, jhutar |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-11-23 14:37:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 691449 | ||

Quality Engineering Management has reviewed and declined this request. You may appeal this decision by reopening this request.

Description of problem:

In FIPS mode, SSLv3 is not allowed. Binaries from rhn-client-tools apparently use ssl.py Python library with PROTOCOL_SSLv23 which leads, for instance, to the following errors in FIPS mode:

```
# rhn_check
ERROR: SSL errors detected
[('SSL routines', 'SSL23_GET_SERVER_HELLO', 'sslv3 alert handshake failure')]

# rhn_register
An error has occurred:
Network error: sslv3 alert handshake failure
See /var/log/up2date for more information

# yum repolist
Loaded plugins: product-id, rhnplugin, security, subscription-manager
Network error: sslv3 alert handshake failure
```

Version-Release number of selected component (if applicable):

```
rhnsd-4.9.3-2.el6.x86_64
rhn-client-tools-1.0.0.1-18.el6.noarch
rhn-setup-1.0.0.1-18.el6.noarch
rhn-check-1.0.0.1-18.el6.noarch
rhnlib-2.5.22-15.el6.noarch
yum-rhn-plugin-0.9.1-50.el6.noarch
```

How reproducible: 100%

Steps to Reproduce:

1. Set up FIPS mode
   * see https://access.redhat.com/knowledge/solutions/137833,
   * or ask me.
2. Execute, for instance, rhn_register

Actual results:

Tools rhn-* do not work in FIPS, yum-rhn-plugin does not work as well. If yum-rhn-plugin is enabled, yum does not work at all.

Expected results:

All rhn-* tools work in FIPS flawlessly.

Additional info:

* this might be solved by using PROTOCOL_TLSv* in FIPS
* if you need more information about FIPS, feel free to ask
* see also [1]

[1] https://wiki.test.redhat.com/BaseOs/Security/FIPS/TestsExecution
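
A way to check which protocol versions a client context really offers on the wire, which is the question behind the PROTOCOL_SSLv23 versus PROTOCOL_TLSv* suggestion in the report. This is an added example, not code from rhn-client-tools or from the reporter. It assumes Python 3's standard `ssl` module rather than the RHEL 6 Python, and the helper names and the hostname are hypothetical.

```python
import ssl

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def client_context(minimum=None, maximum=None):
    """Build a client context, optionally pinning the protocol range (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if minimum is not None:
        ctx.minimum_version = minimum
    if maximum is not None:
        ctx.maximum_version = maximum
    return ctx

def client_hello(ctx):
    """Start a handshake over in-memory BIOs (no network) and return the raw ClientHello."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing,
                        server_hostname="satellite.example.invalid")  # placeholder name
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for the server
    return outgoing.read()

def _u16(buf, i):
    return int.from_bytes(buf[i:i + 2], "big")

def offered_versions(hello):
    """Return the protocol versions a ClientHello offers, as wire values."""
    if hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy = _u16(hello, 9)            # client_version field of the hello
    pos = 43                           # record hdr 5 + handshake hdr 4 + version 2 + random 32
    pos += 1 + hello[pos]              # skip session_id
    pos += 2 + _u16(hello, pos)        # skip cipher_suites
    pos += 1 + hello[pos]              # skip compression_methods
    end = pos + 2 + _u16(hello, pos)   # end of the extensions block
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = _u16(hello, pos), _u16(hello, pos + 2)
        body = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:             # supported_versions extension
            return [_u16(body, i) for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return [legacy]                    # no extension: only the maximum version is visible

if __name__ == "__main__":
    tls12 = ssl.TLSVersion.TLSv1_2
    for label, ctx in (("default", client_context()), ("TLS 1.2 only", client_context(tls12, tls12))):
        print(label, [NAMES.get(v, hex(v)) for v in offered_versions(client_hello(ctx))])
```

When the hello carries no `supported_versions` extension, only the highest version the client will accept is visible, so the lower bound has to be read from the context's `minimum_version`.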