Bug 1421204

Summary: Allow TLSv1.2 during protocol negotiation for external provider communication
Product: [oVirt] ovirt-engine Reporter: Martin Perina <mperina>
Component: BLL.InfraAssignee: Martin Perina <mperina>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: unspecified    
Version: ---CC: bgraveno, bugs, lsvaty, mgoldboi, mperina, stirabos
Target Milestone: ovirt-4.1.3Keywords: Improvement
Target Release: 4.1.3Flags: rule-engine: ovirt-4.1+
mgoldboi: planning_ack+
mperina: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Previous versions of Red Hat Virtualization were able to negotiate encryption protocol up to TLSv1 for external provider communication. This update adds the the ability to negotiate encryption protocol up to TLSv1.2. Note: The exact version used for communication depends on highest version available on the external provider target.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-06 13:19:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1408847    

Description Martin Perina 2017-02-10 15:24:49 UTC 
Description of problem:

Currently we allow protocol negotiation only up to TLSv1.0. We should remove this limit and allow negotiation up to TLSv1.2 for communication with external providers like Foreman, Neutron or Glance.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Jiri Belka 2017-06-20 15:18:49 UTC 
ok, ovirt-engine-4.1.3.4-0.1.el7.noarch (Version: TLS 1.2 (0x0303)

check with wireshark and satellite private keys while adding satellite as external provider