Red Hat Bugzilla – Full Text Bug Listing
|Summary:||[Rebase] Perl Net-SSLeay > 1.53 for authentication with Mac and ios|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Piyush Bhoot <pbhoot>|
|Status:||CLOSED WONTFIX||QA Contact:||BaseOS QE Security Team <qe-baseos-security>|
|Version:||6.7||CC:||a.dekker, ppisar, psabata|
|Fixed In Version:||Doc Type:||Rebase: Bug Fixes and Enhancements|
|Doc Text:||Story Points:||---|
|Last Closed:||2015-09-23 09:10:34 EDT||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Piyush Bhoot 2015-08-13 13:32:32 EDT
Description of problem: MacOSX 10.11 and iOS9 use TLS1.2/EAP for authentication to Radiator servers. Radiator depends on the perl-Net-SSLeay package. and RHEL6.7 the Net::SSLeay is version 1.35. To correctly handle TLS1.2/EAP you need Net::SSLeay > 1.53. Issue is on RHEL 6.7 with Radiator 4.15
Comment 2 Petr Pisar 2015-08-24 09:25:07 EDT
Red Hat usually does not rebase packages. Especially when the difference between the delivered and requested version is so big (only the changelog difference has more than a thousand of lines). Could you please be more specific which functionality from <http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.53/Changes> are you interested in? We can try to port it back. Is it the support for OpenSSL's SSL_export_keying_material()?
Comment 3 Arjan Dekker 2015-08-26 05:33:20 EDT
we have the same problem. Radiator does not support TLS v1.2 thanks to the old version of Net::SSLeay. I think that this is what we need: Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version From: http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.66/Changes
Comment 4 Petr Pisar 2015-08-26 07:28:18 EDT
(In reply to Arjan Dekker from comment #3) > we have the same problem. Radiator does not support TLS v1.2 thanks to the > old version of Net::SSLeay. I think that this is what we need: > Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version > The feature you described is about forcing TLS version that is useful when OpenSSL's negotiation does not work. It was added in upstream's 1.59 version. Hence I think this is a different issue. If you think you need it, then please contact Red Hat support with your request for adding support for $Net::SSLeay::ssl_version to recognize values 11 (TLSv1.1) and 12 (TLSv1.2). I don't have Radiator sources to determine whether the feature is or is not needed.
Comment 8 Petr Pisar 2015-09-23 09:10:34 EDT
We are not going to rebase this package. If you need a specific feature, please file a new request for the feature.