Bug 1354452
| Summary: | [notifier] drop mentioning AES192 and AES256 in notifier.conf | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Jiri Belka <jbelka> |
| Component: | Services.Notifier | Assignee: | Ravi Nori <rnori> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.0.0 | CC: | bugs, lsvaty, mperina |
| Target Milestone: | ovirt-4.0.2 | Flags: | rule-engine: ovirt-4.0.z+, rule-engine: planning_ack+, mperina: devel_ack+, lsvaty: testing_ack+ |
| Target Release: | 4.0.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-12 14:24:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Jiri Belka
2016-07-11 11:18:00 UTC
Discovered while checking what kind of AES OpenBSD snmpd (manager) uses (yes, this is not an industry favourite snmp daemon implementation...):
$ grep -IRi aes ../cvs/openbsd-src/usr.sbin/snmpd/*.{c,h,y}
../cvs/openbsd-src/usr.sbin/snmpd/usm.c: case PRIV_AES:
../cvs/openbsd-src/usr.sbin/snmpd/usm.c: return EVP_aes_128_cfb128();
../cvs/openbsd-src/usr.sbin/snmpd/usm.c: case PRIV_AES:
../cvs/openbsd-src/usr.sbin/snmpd/usm.c: priv = "CFB128-AES-128";
../cvs/openbsd-src/usr.sbin/snmpd/usm.c: case PRIV_AES:
../cvs/openbsd-src/usr.sbin/snmpd/snmpd.h: PRIV_AES /* CFB128-AES-128, RFC3826 */
../cvs/openbsd-src/usr.sbin/snmpd/parse.y: else if (strcasecmp($1, "aes") == 0 ||
../cvs/openbsd-src/usr.sbin/snmpd/parse.y: strcasecmp($1, "cfb128-aes-128") == 0)
../cvs/openbsd-src/usr.sbin/snmpd/parse.y: $$ = PRIV_AES;
I'd prefer to mention all of them as available options, but let's redefine the description like this:

# The SNMPv3 privacy protocol. Supported values are AES128, AES192 and AES256.
# Be aware that AES192 and AES256 are not defined in RFC3826, so please verify
# that your SNMP server supports those protocols before enabling them

I just briefly checked that all major SNMP vendors like Cisco, HP and IBM support those higher encryption protocols.

(In reply to Martin Perina from comment #2)
> I'd prefer to mention all of them as available options, but let's redefine
> the description like this:
>
> # The SNMPv3 privacy protocol. Supported values are AES128, AES192 and AES256.
> # Be aware that AES192 and AES256 are not defined in RFC3826, so please verify
> # that your SNMP server supports those protocols before enabling them
>
> I just briefly checked that all major SNMP vendors like Cisco, HP and IBM
> support those higher encryption protocols.

I'm fine with this.

This is a documentation-only fix for the SNMPv3 feature, which is new in 4.0, so it makes sense to have it included in 4.0.2

ok

rpm2cpio ovirt-engine-tools-4.0.3-0.0.master.20160724203215.git5682254.el7.centos.noarch.rpm | cpio -i --to-stdout './usr/share/ovirt-engine/services/ovirt-engine-notifier/ovirt-engine-notifier.conf' 2>/dev/null | sed -n '/SNMPv3 privacy protocol/,+3p'
# The SNMPv3 privacy protocol. Supported values are AES128, AES192 and AES256.
# Be aware that AES192 and AES256 are not defined in RFC3826, so please verify
# that your SNMP server supports those protocols before enabling them.
SNMP_PRIVACY_PROTOCOL=
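
A configuration check for the caveat in the comment text above, as an added example that is not part of this bug thread or of the oVirt code base: it reads the effective SNMP_PRIVACY_PROTOCOL from one or more notifier config files and separates the RFC3826 value from the two that need the receiver verified first. The function names, the exit codes, the stripping of double quotes and the rule that a later assignment overrides an earlier one are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not oVirt code): audit SNMP_PRIVACY_PROTOCOL in notifier config.

# Print the effective value from the given file(s), in the order given.
# Assumption: the last assignment wins and a value may be double-quoted.
snmp_privacy_value() {
    sed -n 's/^[[:space:]]*SNMP_PRIVACY_PROTOCOL[[:space:]]*=[[:space:]]*//p' "$@" |
        tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Exit codes (hypothetical, chosen for this example):
#   0  AES128, the CFB128-AES-128 protocol of RFC3826
#   1  AES192 or AES256, not in RFC3826: confirm the SNMP server supports it
#   2  no value set
#   3  a value outside the three documented ones
classify_snmp_privacy() {
    value=$(snmp_privacy_value "$@")
    case "$value" in
        AES128)
            echo "AES128: defined in RFC3826"; return 0 ;;
        AES192|AES256)
            echo "$value: not defined in RFC3826, verify SNMP server support"
            return 1 ;;
        "")
            echo "SNMP_PRIVACY_PROTOCOL is not set"; return 2 ;;
        *)
            echo "$value: not one of AES128, AES192, AES256"; return 3 ;;
    esac
}

# Constructed sample input: the shipped default followed by a local override.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# The SNMPv3 privacy protocol. Supported values are AES128, AES192 and AES256.
SNMP_PRIVACY_PROTOCOL=
SNMP_PRIVACY_PROTOCOL="AES192"
EOF
classify_snmp_privacy "$sample" || true
rm -f "$sample"
```

A receiver such as the OpenBSD snmpd in the description, which only implements CFB128-AES-128, is the case exit code 1 is meant to flag before the setting is enabled.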