Bug 1751035

Summary: Allow and Deny same Ciphers same time
Product: Red Hat Directory Server Reporter: Anuj Borah <aborah>
Component: cockpit-389-dsAssignee: Simon Pichugin <spichugi>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 11.0CC: mreynolds, pasik, sgouvern, spichugi, tbordaz, vashirov
Target Milestone: ---   
Target Release: dirsrv-11.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 10:53:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Video1
none
Video2
none
SS none

Description Anuj Borah 2019-09-11 04:54:40 UTC 
Created attachment 1613914 [details]
Video1

Description of problem:

Security > Cipher Preferences > Allow Specific Ciphers > TLS_AES_128_GCM_SHA256
Security > Cipher Preferences > Deny Specific Ciphers > TLS_AES_128_GCM_SHA256

It allows to allow and deny same Ciphers same time.

Version-Release number of selected component (if applicable):
389-ds-base-1.4.1.8-1.module+el8dsrv+4209+f45880df.x86_64

How reproducible:
Always


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Anuj Borah 2019-09-11 04:55:13 UTC 
Created attachment 1613915 [details]
Video2
Comment 2 mreynolds 2019-11-08 22:06:04 UTC 
https://pagure.io/389-ds-base/issue/50696
Comment 5 Anuj Borah 2020-04-17 10:24:12 UTC 
I can still see the same condition :

[root@ci-vm-10-0-136-19 install]# rpm -qea | grep 389
cockpit-389-ds-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch
python3-lib389-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch
389-ds-base-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64
389-ds-base-libs-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64
Comment 6 Anuj Borah 2020-04-17 10:29:29 UTC 
Created attachment 1679626 [details]
SS
Comment 7 mreynolds 2020-04-17 11:37:54 UTC 
Well this is an odd one.  This is how NSS behaves.  This is NOT a bug in UI, once you set a specific cipher then the enabled list that comes from NSS disappears.  Might be intentional, might be a bug in NSS or in DS, but it's not the UI.  I'll verify this and change the bug component accordingly.
Comment 11 sgouvern 2020-09-18 09:57:47 UTC 
With build 
389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682.x86_64
cockpit-389-ds-1.4.3.11-1.module+el8dsrv+7557+bc264682.noarch

The selected 'allow specific ciphers' are no more available in the 'Deny specific ciphers' list, and vice versa.
That way it is now not possible to allow and deny the same ciphers at the same time.

marking as VERIFIED
Comment 13 errata-xmlrpc 2020-11-04 10:53:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Directory Server bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4911