Bug 1412547
Summary: | Allow negotiation of highest available TLS version for engine <-> VDSM communication | |||
---|---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Martin Perina <mperina> | |
Component: | Backend.Core | Assignee: | Piotr Kliczewski <pkliczew> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.0.0 | CC: | bugs, melewis | |
Target Milestone: | ovirt-4.1.1 | Keywords: | ZStream | |
Target Release: | 4.1.1 | Flags: | rule-engine: ovirt-4.1+, rule-engine: planning_ack+, mperina: devel_ack+, pstehlik: testing_ack+ |
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Enhancement | ||
Doc Text: | Previously, when the Manager connected to VDSM it tried to negotiate the highest available TLS version, but because of earlier issues the negotiation was limited to TLSv1.0 as the highest version and no higher version was tried. This limit has now been removed, so TLSv1.1 and TLSv1.2 can be negotiated when they are available on the VDSM side. Removing the limit will allow TLSv1.0 to be dropped from future versions of VDSM. |
Story Points: | --- | |
Clone Of: | ||||
: | 1419540 | Environment: | ||
Last Closed: | 2017-04-21 09:51:08 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1408847, 1414696, 1414923, 1419540 |
Description
Martin Perina
2017-01-12 09:25:01 UTC
Retargeting to 4.1.1 to allow more extensive testing of the feature

ok, ovirt-engine-4.1.1.3-0.1.el7.noarch

1. VdsmSSLProtocol = TLSv1.2 vs ssl_protocol = tlsv1 > client tls 1.2, agreed tls 1.0
2. VdsmSSLProtocol = TLSv1.2 vs ssl_protocol = sslv23 > client tls 1.2, agreed tls 1.2
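The version negotiation described in the Doc Text and checked in the verification comment, as an added example that is not code from ovirt-engine or VDSM. It is a model of the version-selection rule only; the `TLS` enum, the function names, the accepted range assigned to each `ssl_protocol` value, and the "future VDSM" range are assumptions made for illustration.

```python
from enum import IntEnum
from typing import Optional, Tuple

class TLS(IntEnum):
    V1_0 = 0x0301  # protocol version values as they appear on the wire
    V1_1 = 0x0302
    V1_2 = 0x0303

# Assumption: (lowest, highest) version the VDSM side accepts for the two
# ssl_protocol values that appear in the verification comment.
VDSM_SSL_PROTOCOL = {
    "tlsv1": (TLS.V1_0, TLS.V1_0),   # pinned to TLS 1.0
    "sslv23": (TLS.V1_0, TLS.V1_2),  # negotiate the highest common version
}

def negotiate(client_max: TLS, server_range: Tuple[TLS, TLS],
              client_min: TLS = TLS.V1_0) -> Optional[TLS]:
    """Return the agreed version, or None when no common version exists."""
    server_min, server_max = server_range
    # The client offers its highest version; the server answers with the
    # highest version that both sides support.
    agreed = min(client_max, server_max)
    if agreed < server_min or agreed < client_min:
        return None  # handshake fails: the ranges do not overlap
    return TLS(agreed)

def engine_to_vdsm(engine_max: TLS, ssl_protocol: str) -> Optional[TLS]:
    """Model an engine offering up to engine_max against a VDSM setting."""
    return negotiate(engine_max, VDSM_SSL_PROTOCOL[ssl_protocol])

if __name__ == "__main__":
    future_vdsm = (TLS.V1_1, TLS.V1_2)  # hypothetical VDSM with TLS 1.0 dropped
    cases = [
        ("engine TLSv1.2 vs tlsv1", engine_to_vdsm(TLS.V1_2, "tlsv1")),
        ("engine TLSv1.2 vs sslv23", engine_to_vdsm(TLS.V1_2, "sslv23")),
        ("capped engine vs sslv23", engine_to_vdsm(TLS.V1_0, "sslv23")),
        ("capped engine vs future VDSM", negotiate(TLS.V1_0, future_vdsm)),
        ("engine TLSv1.2 vs future VDSM", negotiate(TLS.V1_2, future_vdsm)),
    ]
    for label, result in cases:
        print(f"{label}: {result.name if result else 'handshake failure'}")
```

The fourth case is the one the limit removal addresses: an engine capped at TLSv1.0 has no common version with a VDSM that no longer accepts TLSv1.0.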