Bug 1585008
Summary: | Add option to configure cipher list available for encrypted connections | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Martin Perina <mperina> | |
Component: | vdsm | Assignee: | Piotr Kliczewski <pkliczew> | |
Status: | CLOSED ERRATA | QA Contact: | Petr Matyáš <pmatyas> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.2.0 | CC: | dfodor, emarcus, lsurette, lsvaty, mgoldboi, mperina, pstehlik, rdlugyhe, srevivo, ycui | |
Target Milestone: | ovirt-4.3.0 | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Enhancement | ||
Doc Text: | The current release adds a new 'ssl_ciphers' option to VDSM, which enables you to configure available ciphers for encrypted connections (for example, between the Manager and VDSM, or between VDSM and VDSM). The values this option uses conform to the OpenSSL standard. For more information, see https://access.redhat.com/articles/4056301 |
Story Points: | --- | |
Clone Of: | ||||
: | 1585022 1641455 | Environment: | ||
Last Closed: | 2019-05-08 12:36:02 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1585022, 1640357, 1641455 |
Description
Martin Perina
2018-06-01 06:41:09 UTC
Verified on vdsm-4.30.4-1.el7ev.x86_64

Only ciphers with key lengths larger than 128 bits work now by default, can be changed in vdsm.conf

Copied approved Doc_text from cloned downstream - https://bugzilla.redhat.com/show_bug.cgi?id=1585022

"This release adds a new 'ssl_ciphers' option to VDSM, which allows you to configure available ciphers for encrypted connections (for example, the Manager to VDSM, or VDSM to VDSM). The values of this option conform to OpenSSL standard.

To set this option:

1. Move the host to Maintenance in the Manager.
2. Create a new /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf file with the following content:

    [vars]
    ssl_ciphers = <VALUE>

   where <VALUE> is one of the values described in the CIPHER STRINGS section in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
3. Restart VDSM.
4. Activate the host in the Manager."

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1077
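A way to check a candidate ssl_ciphers value before restarting VDSM in the procedure above, as an added example that is not part of this bug report or of VDSM: it reads the drop-in text, lets the local OpenSSL expand the cipher string, and lists any enabled cipher of 128 bits or fewer. The function names and the sample drop-in are constructed for illustration, and the result reflects the OpenSSL build that Python is linked against on the machine where it runs.

```python
import configparser
import ssl

# Constructed sample drop-in, in the format given in the Doc Text above.
SAMPLE_DROPIN = """\
[vars]
ssl_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
"""


def read_ssl_ciphers(conf_text):
    """Return the ssl_ciphers value from the [vars] section of a drop-in."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    value = parser.get("vars", "ssl_ciphers", fallback="").strip()
    if not value:
        raise ValueError("no ssl_ciphers value in [vars]")
    return value


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string into (name, strength_bits) pairs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        # Misspelled or unsupported string: OpenSSL selected no cipher.
        raise ValueError(f"rejected by OpenSSL: {cipher_string!r}") from exc
    # TLS 1.3 suites are not governed by the cipher string, so skip them.
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def audit_dropin(conf_text, max_weak_bits=128):
    """Return (enabled cipher names, names at or below max_weak_bits)."""
    ciphers = expand_cipher_string(read_ssl_ciphers(conf_text))
    weak = [name for name, bits in ciphers if bits <= max_weak_bits]
    return [name for name, _ in ciphers], weak


if __name__ == "__main__":
    names, weak = audit_dropin(SAMPLE_DROPIN)
    print("enabled:", ", ".join(names))
    print("128 bits or fewer:", ", ".join(weak) or "none")
```

A ValueError from expand_cipher_string means OpenSSL would select no cipher for that value, which is worth catching before the host is activated again.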