Bug 1247152
| Summary: | SSL improvements: ECDH, DH, CRL, and accessible options | |||
|---|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | manu <manu> | |
| Component: | transport | Assignee: | bugs <bugs> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | ||
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | mainline | CC: | bugs, rkavunga, ueberall | |
| Target Milestone: | --- | Keywords: | Triaged | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | All | |||
| Whiteboard: | ||||
| Fixed In Version: | glusterfs-3.8rc2 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1247153 (view as bug list) | Environment: | ||
| Last Closed: | 2016-06-16 13:26:51 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
|
Description
manu@netbsd.org
2015-07-27 13:12:03 UTC
REVIEW: http://review.gluster.org/11735 (SSL improvements: ECDH, DH, CRL, and accessible options) posted (#7) for review on master by Emmanuel Dreyfus (manu) REVIEW: http://review.gluster.org/11735 (SSL improvements: ECDH, DH, CRL, and accessible options) posted (#8) for review on master by Emmanuel Dreyfus (manu) REVIEW: http://review.gluster.org/11735 (SSL improvements: ECDH, DH, CRL, and accessible options) posted (#9) for review on master by Emmanuel Dreyfus (manu) COMMIT: http://review.gluster.org/11735 committed in master by Kaleb KEITHLEY (kkeithle) ------ commit 28fc199d5dc92a69eb2b899bbea23548dc14a39b Author: Emmanuel Dreyfus <manu> Date: Thu Jul 30 13:54:51 2015 +0200 SSL improvements: ECDH, DH, CRL, and accessible options - Introduce ssl.dh-param option to specify a file containinf DH parameters. If it is provided, EDH ciphers are available. - Introduce ssl.ec-curve option to specify an elliptic curve name. If unspecified, ECDH ciphers are available using the prime256v1 curve. - Introduce ssl.crl-path option to specify the directory where the CRL hash file can be found. Setting to NULL disable CRL checking, just like the default. - Make all ssl.* options accessible through gluster volume set. - In default cipher list, exclude weak ciphers instead of listing the strong ones. - Enforce server cipher preference. - introduce RPC_SET_OPT macro to factor repetitive code in glusterd-volgen.c - Add ssl-ciphers.t test to check all the features touched by this change. Change-Id: I7bfd433df6bbf176f4a58e770e06bcdbe22a101a BUG: 1247152 Signed-off-by: Emmanuel Dreyfus <manu> Reviewed-on: http://review.gluster.org/11735 Tested-by: NetBSD Build System <jenkins.org> Reviewed-by: Kaushal M <kaushal> Tested-by: Gluster Build System <jenkins.com> Reviewed-by: Jeff Darcy <jdarcy> REVIEW: http://review.gluster.org/11840 (SSL improvements: do not fail if certificate purpose is set) posted (#1) for review on master by Emmanuel Dreyfus (manu) REVIEW: http://review.gluster.org/11840 (SSL improvements: do not fail if certificate purpose is set) posted (#2) for review on master by Emmanuel Dreyfus (manu) This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.8.0, please open a new bug report. glusterfs-3.8.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://blog.gluster.org/2016/06/glusterfs-3-8-released/ [2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user |