Bug 1660839

Summary: [RHEL8] Bluejeans is missing video
Product: Red Hat Enterprise Linux 8 Reporter: Martin Stransky <stransky>
Component: crypto-policiesAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact: Mirek Jahoda <mjahoda>
Priority: low    
Version: 8.0CC: blc, cww, hkario, igkioka, jhorak, jkoten, mjahoda, mmcgrath, mthacker, nmavrogi, oliver, stransky, tmraz, tpelka, tpopela
Target Milestone: rcKeywords: Tracking
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Deprecated Functionality
Doc Text:
.TLS 1.0 and TLS 1.1 are deprecated The TLS 1.0 and TLS 1.1 protocols are disabled in the `DEFAULT` system-wide cryptographic policy level. If your scenario, for example, a video conferencing application in the Firefox web browser, requires using the deprecated protocols, switch the system-wide cryptographic policy to the `LEGACY` level: ---- # update-crypto-policies --set LEGACY ---- For more information, see the link:https://access.redhat.com/articles/3642912[Strong crypto defaults in RHEL 8 and deprecation of weak crypto algorithms] Knowledgebase article on the Red Hat Customer Portal and the `update-crypto-policies(8)` man page.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-03 10:14:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1678350    

Description Martin Stransky 2018-12-19 10:35:05 UTC 
Description of problem:

RHEL8 has a trouble with Bluejeans.
Once someone connects to a bluejeans session beyond himself he just gets an
endless spinners saying 'waiting on video'.
Comment 2 Martin Stransky 2018-12-21 08:30:05 UTC 
After some investigation it looks like the WebRTC on RHEL8 does not receive any data so there's no content to show - but not sure why that happens.
Comment 5 Jan Horak 2019-01-04 10:13:14 UTC 
It seems that webrtc connection needs TLS 1.1 which is disabled by default in RHEL8. The workaround for this is:
sudo update-crypto-policies --set LEGACY
Switching to nss component as long as we can't do much about in from the Firefox point of view.

Debugging info:
the call of ssl3_NegotiateVersion fails with SSL_ERROR_UNSUPPORTED_VERSION
can be debugged with:
$ export MOZ_LOG="mtransport:5"
$ firefox
Comment 6 Tomas Mraz 2019-01-04 14:41:55 UTC 
I would say this is by-design and there is a workaround. BlueJeans should not require TLS-1.1.