Bug 1660839
Summary: | [RHEL8] Bluejeans is missing video | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Martin Stransky <stransky> |
Component: | crypto-policies | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | low | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | low | ||
Version: | 8.0 | CC: | blc, cww, hkario, igkioka, jhorak, jkoten, mjahoda, mmcgrath, mthacker, nmavrogi, oliver, stransky, tmraz, tpelka, tpopela |
Target Milestone: | rc | Keywords: | Tracking |
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Deprecated Functionality | |
Doc Text: |
.TLS 1.0 and TLS 1.1 are deprecated
The TLS 1.0 and TLS 1.1 protocols are disabled in the `DEFAULT` system-wide cryptographic policy level. If your scenario, for example, a video conferencing application in the Firefox web browser, requires using the deprecated protocols, switch the system-wide cryptographic policy to the `LEGACY` level:
----
# update-crypto-policies --set LEGACY
----
For more information, see the link:https://access.redhat.com/articles/3642912[Strong crypto defaults in RHEL 8 and deprecation of weak crypto algorithms] Knowledgebase article on the Red Hat Customer Portal and the `update-crypto-policies(8)` man page.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-05-03 10:14:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1678350 |
Description
Martin Stransky
2018-12-19 10:35:05 UTC
After some investigation it looks like the WebRTC on RHEL8 does not receive any data so there's no content to show - but not sure why that happens. It seems that webrtc connection needs TLS 1.1 which is disabled by default in RHEL8. The workaround for this is: sudo update-crypto-policies --set LEGACY Switching to nss component as long as we can't do much about in from the Firefox point of view. Debugging info: the call of ssl3_NegotiateVersion fails with SSL_ERROR_UNSUPPORTED_VERSION can be debugged with: $ export MOZ_LOG="mtransport:5" $ firefox I would say this is by-design and there is a workaround. BlueJeans should not require TLS-1.1. |