Bug 1193241
Summary: | logconv.pl -- support parsing/showing/reporting different protocol versions | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Noriko Hosoi <nhosoi> |
Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | nkinder, rmeggins |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | 389-ds-base-1.2.11.15-51.el6 | Doc Type: | Bug Fix |
Doc Text: | logconv.pl utility supports the new SSL/TLS format in the access log. |
Last Closed: | 2015-07-22 06:36:58 UTC | Type: | --- |
Description
Noriko Hosoi
2015-02-16 23:35:42 UTC
Steps to verify:

Run logconv.pl against the access log from the server with SSL/TLS enabled.

Get an access log from the rhel-6.7 389-ds-base (389-ds-base-1.2.11.15-51.el6) as well as the rhel-6.6.z one (it logs the line commented with "legacy access log").

    Total Connections: 293
    - LDAP Connections: 281
    - LDAPI Connections: 0
    - LDAPS Connections: 12
    - StartTLS Extended Ops: 10
    Secure Protocol Versions:
    - TLS1.2 128-bit AES - 7
    - TLS1.1 128-bit AES - 1
    - SSL3 128-bit AES - 2
    - SSL 128-bit AES - 4 --> legacy access log

I ran sslscan against ns-slapd on a secure port. Then converted access logs using logconv.pl from 389-ds-base-1.2.11.15-53.

Log from RHEL66 (389-ds-base-1.2.11.15-46.el6.x86_64):

    Total Connections: 3372
    - LDAP Connections: 5
    - LDAPI Connections: 0
    - LDAPS Connections: 3367
    - StartTLS Extended Ops: 0
    Secure Protocol Versions:
    - SSL 56-bit DES - 9
    - SSL 40-bit RC4 - 9
    - SSL 40-bit RC2 - 9
    - SSL 256-bit AES - 9
    - SSL 128-bit RC4 - 18
    - SSL 128-bit AES - 25
    - SSL 112-bit 3DES - 9

Log from RHEL67 (389-ds-base-1.2.11.15-53.el6.x86_64)

    Total Connections: 4815
    - LDAP Connections: 4
    - LDAPI Connections: 0
    - LDAPS Connections: 4811
    - StartTLS Extended Ops: 0
    Secure Protocol Versions:
    - TLS1.2 56-bit DES - 10
    - TLS1.2 256-bit AES - 21
    - TLS1.2 128-bit RC4 - 20
    - TLS1.2 128-bit AES-GCM - 30
    - TLS1.2 128-bit AES - 20
    - TLS1.2 112-bit 3DES - 10
    - TLS1.1 56-bit DES - 10
    - TLS1.1 256-bit AES - 18
    - TLS1.1 128-bit RC4 - 20
    - TLS1.1 128-bit AES - 12
    - TLS1.1 112-bit 3DES - 10
    - TLS1.0 56-bit DES - 10
    - TLS1.0 40-bit RC4 - 10
    - TLS1.0 40-bit RC2 - 10
    - TLS1.0 256-bit AES - 18
    - TLS1.0 128-bit RC4 - 20
    - TLS1.0 128-bit AES - 12
    - TLS1.0 112-bit 3DES - 10
    - SSL3 56-bit DES - 9
    - SSL3 40-bit RC4 - 9
    - SSL3 40-bit RC2 - 9
    - SSL3 256-bit AES - 17
    - SSL3 128-bit RC4 - 18
    - SSL3 128-bit AES - 10
    - SSL3 112-bit 3DES - 9

Marking as VERIFIED

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1326.html
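The "Secure Protocol Versions" tally from this bug, as an added Python example (not logconv.pl's own code and not part of the bug report): it counts handshake lines in both the legacy `SSL ...` format and the versioned `TLS1.2 ...` format and also collapses them per protocol version. The access-log line shape, the sample lines and the function names are assumptions constructed from the labels in the output quoted in the bug.

```python
import re
from collections import Counter

# Constructed sample lines, not taken from the bug report. Assumed shape:
# "[timestamp] conn=N <PROTO> <bits>-bit <CIPHER>[; client ...]".
SAMPLE_LOG = """\
[16/Feb/2015:15:01:01 -0800] conn=1 fd=64 slot=64 SSL connection from 10.0.0.5 to 10.0.0.1
[16/Feb/2015:15:01:02 -0800] conn=1 TLS1.2 128-bit AES
[16/Feb/2015:15:01:03 -0800] conn=2 TLS1.2 128-bit AES-GCM
[16/Feb/2015:15:01:04 -0800] conn=3 SSL3 128-bit RC4
[16/Feb/2015:15:01:05 -0800] conn=4 SSL 128-bit AES
[16/Feb/2015:15:01:06 -0800] conn=5 TLS1.2 128-bit AES; client CN=app1,O=example
[16/Feb/2015:15:01:07 -0800] conn=5 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
"""

# The protocol token must directly follow conn=N, so "SSL connection from"
# lines and operation lines are not counted as handshakes.
HANDSHAKE_RE = re.compile(
    r"\bconn=\d+ ((?:SSL|TLS)[\d.]*) (\d+)-bit ([A-Za-z0-9-]+)")

def tally_protocols(lines):
    """Count handshake lines per 'PROTO bits-bit CIPHER' label."""
    counts = Counter()
    for line in lines:
        m = HANDSHAKE_RE.search(line)
        if m:
            proto, bits, cipher = m.groups()
            counts[f"{proto} {bits}-bit {cipher}"] += 1
    return counts

def by_version(counts):
    """Collapse the per-cipher tallies to one count per protocol version."""
    versions = Counter()
    for label, n in counts.items():
        versions[label.split(" ", 1)[0]] += n
    return versions

def report(counts):
    """Render in descending label order, as in the output quoted in the bug."""
    out = ["Secure Protocol Versions:"]
    for label in sorted(counts, reverse=True):
        # A bare "SSL" label carries no version: it is the legacy log format.
        note = " --> legacy access log" if label.startswith("SSL ") else ""
        out.append(f"  - {label} - {counts[label]}{note}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(tally_protocols(SAMPLE_LOG.splitlines())))
```

A non-zero count under the bare `SSL` label means the log came from a build that does not record the negotiated version, so those connections cannot be attributed to SSL3 or any TLS version from the log alone.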