Bug 1198317
Summary: | xchat only supports SSLv3 | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sean E. Millichamp <sean> | ||||
Component: | xchat | Assignee: | Debarshi Ray <debarshir> | ||||
Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 7.0 | CC: | arubin, debarshir, lersek, lmiksik, mcepl, mclasen, tingping, tpelka, vrutkovs | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-11-19 07:31:45 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Sean E. Millichamp
2015-03-03 19:21:24 UTC
Fedora has fixed this bug in last October / November; please simply pick up the patch from there. Linking the Fedora bug. I'm also bumping the priority, because this bug prevents RHEL-7 xchat from connecting to OFTC IRC servers, where a lot of open source development happens. As explained by the OFTC admins, the OFTC IRC servers have recently been upgraded to the new Debian release (Jessie). The SSL server config in that release apparently rejects all SSLv3 cipher suites, but xchat's ClientHello (as in RHEL-7) advertizes only such ciphersuites. http://fpaste.org/218761/08553331/ http://fpaste.org/218763/14308554/ https://www.openssl.org/docs/ssl/SSL_CTX_new.html Thanks! Created attachment 1022315 [details]
Fedora patch (added in dist-git commit 0d239d37)
Upstream bug: http://sourceforge.net/p/xchat/bugs/1598/ (In reply to Laszlo Ersek from comment #3) > Upstream bug: http://sourceforge.net/p/xchat/bugs/1598/ Note that upstream is dead and should likely be replaced by HexChat at some point. I agree that upstream seems dead -- the most recent upstream release on xchat.org, 2.8.9, is from 2010 -- but as long as xchat is part of a RHEL major release, the package needs to get at least some (minimally: security) support. (Which I guess sort of answers your question in bug 1091544 comment 10 as well.) Hexchat is not in RHEL yet. If an xchat -> hexchat switch would be worthwhile, then the current maintainer of the RHEL xchat package should probably champion that cause with PM. Personally for me, in order to upgrade from the RHEL7 xchat package to the *EPEL7* hexchat package (ie. within the same RHEL major release), I would require hexchat to import my xchat settings without manual intervention (either on first startup, or by me running a specialized one-off config conversion tool). RHEL7 xchat keeps its config stuff under ~/.config/xchat2, whereas that of hexchat lives under ~/.config/hexchat [1]. Painless upgrades (no regressions) are part of what make RHEL enterprise level & suitable for production environments, and I certainly depend on those qualities with my RHEL7 Workstation installation on my laptop. [1] https://hexchat.readthedocs.org/en/latest/settings.html#config-files In any case, hexchat seems to me like a reasonable upgrade path -- thank you very much for your continued upstream development and Fedora maintenance! *** Bug 1221262 has been marked as a duplicate of this bug. *** I built xchat-2.8.8-23.el7: https://brewweb.devel.redhat.com/taskinfo?taskID=9184968 (In reply to Debarshi Ray from comment #10) > I built xchat-2.8.8-23.el7: > https://brewweb.devel.redhat.com/taskinfo?taskID=9184968 Works well for me, thank you. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2215.html |