Bug 1179229
Summary: | Utilize system-wide crypto-policies | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nikos Mavrogiannopoulos <nmavrogi> | ||||
Component: | jabberd | Assignee: | Adrian Reber <adrian> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 22 | CC: | adrian, dmaphy, mcepl, mcepl, nmavrogi | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | jabberd-2.3.2-4.fc22 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-11-21 16:54:00 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1179209 | ||||||
Attachments: |
|
Description
Nikos Mavrogiannopoulos
2015-01-06 13:05:49 UTC
As far as I can tell jabberd2 does not support specifying a cipher list anywhere in its configuration files. The cipher list is hardcoded. Then it should be hard coded to our accepted cipher list. Please, see the link in the packaging guidelines above. Created attachment 995521 [details] suggested patch (In reply to Nikos Mavrogiannopoulos from comment #2) > Then it should be hard coded to our accepted cipher list. Please, see the > link in the packaging guidelines above. spec file has BuildRequires: openssl-devel and I found this code: // Set allowed ciphers if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!SSLv2:!EXP:!aNULL") != 1) { _sx_debug(ZONE, "Can't set cipher list for SSL context: %s", ERR_error_string(ERR_get_error(), NULL)); SSL_CTX_free(ctx); return 1; } so the attached patch should do The Right Thing™, right? Also, how old OpenSSL does support this? Will this work on RHEL-6? According to discussion on IRC, this Fedora 21+ only, jabberd-2.3.2-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/jabberd-2.3.2-4.fc22 Package jabberd-2.3.2-4.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing jabberd-2.3.2-4.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2761/jabberd-2.3.2-4.fc22 then log in and leave karma (feedback). This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22 jabberd-2.3.2-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |