Bug 1585022

Summary: [downstream clone - 4.2.4] Add option to configure cipher list available for encrypted connections
Product: Red Hat Enterprise Virtualization Manager Reporter: RHV bug bot <rhv-bugzilla-bot>
Component: vdsmAssignee: Piotr Kliczewski <pkliczew>
Status: CLOSED ERRATA QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2.0CC: amashah, lsurette, mgoldboi, mkalinin, mperina, pmatyas, pstehlik, srevivo, trichard, ycui, ykaul
Target Milestone: ovirt-4.2.4Keywords: ZStream
Target Release: ---Flags: pmatyas: testing_plan_complete+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
This release adds a new 'ssl_ciphers' option to VDSM, which allows you to configure available ciphers for encrypted connections (for example, the Manager to VDSM, or VDSM to VDSM). The values of this option conform to OpenSSL standard. To set this option: 1. Move the host to Maintenance in the Manager. 2. Create a new /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf file with the following content: [vars] ssl_ciphers = <VALUE> where <VALUE> is one of the values described in the CIPHERS STRINGD section in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html. 3. Restart VDSM. 4. Activate the host in the Manager.
 Story Points: ---
Clone Of: 1585008 Environment:
Last Closed: 2018-06-27 10:02:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1585008, 1641455    
Bug Blocks: 1577594    

Description RHV bug bot 2018-06-01 07:28:49 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1585008 +++
======================================================================

Description of problem:

Add ssl_ciphers option to be able to configure available ciphers for encrypted connections. Values of this options conforms to OpenSSL standards: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

(Originally by Martin Perina)
Comment 2 Jiri Belka 2018-06-01 12:46:41 UTC 
ok, vdsm-4.20.29-1.el7ev.x86_64

# cat /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf 
[vars]
ssl_ciphers = HIGH

tested migration between non-updated and updated vdsm hosts in 4.2 env
Comment 6 errata-xmlrpc 2018-06-27 10:02:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2072
Comment 7 Franta Kust 2019-05-16 13:07:14 UTC 
BZ<2>Jira Resync
Comment 8 Daniel Gur 2019-08-28 13:13:58 UTC 
sync2jira
Comment 9 Daniel Gur 2019-08-28 13:18:13 UTC 
sync2jira