Bug 1511962

Summary:	[RFE] Enable TLSv12 support by default
Product:	Red Hat Enterprise Virtualization Manager	Reporter:	Martin Perina <mperina>
Component:	vdsm	Assignee:	Piotr Kliczewski <pkliczew>
Status:	CLOSED ERRATA	QA Contact:	Jiri Belka <jbelka>
Severity:	high	Docs Contact:
Priority:	high
Version:	4.1.5	CC:	aperotti, lsurette, lsvaty, melewis, mgoldboi, srevivo, ycui, ykaul, ylavi
Target Milestone:	ovirt-4.2.0	Keywords:	FutureFeature, Improvement, TestOnly, ZStream
Target Release:	---	Flags:	lsvaty: testing_plan_complete-
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Release Note
Doc Text:	Previously, TLSv12 support was backported into Red Hat Virtualization 4.1.5 (BZ#1412552) but it was turned off by default and enabling TLSv12 required manual configuration. Now, TLSv12 support is enabled by default and no manual configuration is required.	Story Points:	---
Clone Of:
Clones:	1513886 (view as bug list)		Environment:
Last Closed:	2018-05-15 17:52:46 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Infra	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1513886

Description Martin Perina 2017-11-10 14:09:29 UTC

Description of problem:

We have backported TLSv12 support into RHV 4.1.5 (BZ1412552), but it was turned off by default and enabled TLSv12 required manual configuration. We want to enable TLSv12 by default to make it aligned with RHV 4.2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Martin Perina 2017-11-16 08:43:50 UTC

Marking as TestOnly because in 4.2 we have already enabled TLSv12 by default as a part of BZ1408847

Comment 3 Red Hat Bugzilla Rules Engine 2017-11-22 09:33:47 UTC

The documentation text flag should only be set after 'doc text' field is provided. Please provide the documentation text and set the flag to '?' again.

Comment 4 Piotr Kliczewski 2017-12-01 08:28:38 UTC

Changing the target since the fix was part of 4.1.8 RC.

Comment 5 Martin Perina 2017-12-01 08:48:02 UTC

(In reply to Piotr Kliczewski from comment #4)
> Changing the target since the fix was part of 4.1.8 RC.

Moving back, for 4.1.8 we have clone BZ1513886

Comment 6 Jiri Belka 2017-12-07 16:04:46 UTC

ok

(this bz exists only to allow backporting this into 4.1.8)

# rpm2cpio vdsm-python-4.20.9-1.el7ev.noarch.rpm | cpio --to-stdout -i  './usr/lib/python2.7/site-packages/vdsm/common/config.py' 2>/dev/null | grep -A 2 ssl_protocol
        ('ssl_protocol', 'sslv23',
            'SSL protocol used by encrypted connection'),

Comment 11 errata-xmlrpc 2018-05-15 17:52:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1489

Comment 12 Franta Kust 2019-05-16 13:05:46 UTC

BZ<2>Jira Resync