Bug 1264951
| Field | Value |
|---|---|
| Summary | sslBackwardCompatibility=false (default) disables too much |
| Product | Red Hat Enterprise Linux 7 |
| Reporter | Alois Mahdal <amahdal> |
| Component | tog-pegasus |
| Assignee | Vitezslav Crhonek <vcrhonek> |
| Status | CLOSED ERRATA |
| QA Contact | qe-baseos-daemons |
| Severity | unspecified |
| Priority | unspecified |
| Version | 7.2 |
| CC | lmiksik, psklenar |
| Target Milestone | rc |
| Keywords | Regression |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | tog-pegasus-2.14.1-3.el7 |
| Doc Type | Bug Fix |
| Last Closed | 2015-11-19 11:08:59 UTC |
| Type | Bug |

Description
Alois Mahdal
2015-09-21 17:29:14 UTC
Created attachment 1075693
proposed patch
Patch modifies sslBackwardCompatibility option to affect only SSLv3 support. (This should probably be emphasized in release notes, as it differs from upstream/expected behaviour significantly.)
Note to QA: we have at least one test case (TC#506392) that can safely cover this. Also I will add a specific test case as well--it should be really simple:

1. Connect to the HTTPS port with
   * various SSL/TLS versions, at least
     * SSLv3,
     * TLS1.0 (=SSLv1.1),
     * TLS1.1
     * TLS1.2
     * TLS1.3 if you have a client that supports it.
   * sslBackwardCompatibility set to true or false (default)

   Consider using curl, openssl s_client or similar. It's enough if you get connected and *some* reply from the server; an HTTP 4xx reply is OK.

2. Make sure only SSLv3 is turned off by default, and turning on sslBackwardCompatibility turns SSLv3 back on (IOW all versions will work)

Automated test scheduled for the new build: TJ#1092237

All passed; thanks!

quick fix jumped over the lazy bug

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2314.html
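
The QA procedure from the note above as a script, added here as an example and not part of the bug report or the tog-pegasus package: it probes each protocol version with `openssl s_client` and compares the outcome with the behaviour the fix is meant to give. Host, port and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Usage: sh probe.sh HOST PORT COMPAT  (COMPAT = configured sslBackwardCompatibility)

# openssl s_client protocol flags to try; override via the environment.
VERSIONS=${VERSIONS:-"ssl3 tls1 tls1_1 tls1_2 tls1_3"}

# probe HOST PORT VERSION -> ok | fail | skip
# "skip" means the local openssl build has no such flag (e.g. SSLv3 compiled
# out), which must not be mistaken for the server refusing the protocol.
probe() {
    if ! openssl s_client -help 2>&1 | grep -qw -- "-$3"; then
        echo skip
    elif openssl s_client -connect "$1:$2" "-$3" </dev/null >/dev/null 2>&1; then
        echo ok      # handshake completed; any reply from the server is enough
    else
        echo fail
    fi
}

# expected COMPAT VERSION -> ok | fail
# Per the QA note: only SSLv3 depends on the option, TLS versions always work.
expected() {
    if [ "$2" = ssl3 ] && [ "$1" != true ]; then echo fail; else echo ok; fi
}

# verdict COMPAT VERSION RESULT -> PASS | MISMATCH | SKIP
verdict() {
    if [ "$3" = skip ]; then echo SKIP
    elif [ "$3" = "$(expected "$1" "$2")" ]; then echo PASS
    else echo MISMATCH
    fi
}

# check_server HOST PORT COMPAT -> one line per version, returns 1 on mismatch
check_server() {
    rc=0
    for v in $VERSIONS; do
        r=$(probe "$1" "$2" "$v")
        s=$(verdict "$3" "$v" "$r")
        printf '%-7s %-5s %s\n' "$v" "$r" "$s"
        if [ "$s" = MISMATCH ]; then rc=1; fi
    done
    return "$rc"
}

if [ $# -eq 3 ]; then check_server "$@"; fi
```

A client whose own policy refuses old protocols reports `fail` for them regardless of the server, so run this with an OpenSSL client that still permits every version under test.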