Bug 1751035
Summary: | Allow and Deny same Ciphers same time | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Directory Server | Reporter: | Anuj Borah <aborah> | ||||||||
Component: | cockpit-389-ds | Assignee: | Simon Pichugin <spichugi> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | RHDS QE <ds-qe-bugs> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 11.0 | CC: | mreynolds, pasik, sgouvern, spichugi, tbordaz, vashirov | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | dirsrv-11.2 | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | 389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682 | Doc Type: | If docs needed, set a value | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2020-11-04 10:53:12 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Created attachment 1613915 [details]
Video2
I can still see the same condition : [root@ci-vm-10-0-136-19 install]# rpm -qea | grep 389 cockpit-389-ds-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch python3-lib389-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch 389-ds-base-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64 389-ds-base-libs-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64 Created attachment 1679626 [details]
SS
Well this is an odd one. This is how NSS behaves. This is NOT a bug in UI, once you set a specific cipher then the enabled list that comes from NSS disappears. Might be intentional, might be a bug in NSS or in DS, but it's not the UI. I'll verify this and change the bug component accordingly. With build 389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682.x86_64 cockpit-389-ds-1.4.3.11-1.module+el8dsrv+7557+bc264682.noarch The selected 'allow specific ciphers' are no more available in the 'Deny specific ciphers' list, and vice versa. That way it is now not possible to allow and deny the same ciphers at the same time. marking as VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Directory Server bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4911 |
Created attachment 1613914 [details] Video1 Description of problem: Security > Cipher Preferences > Allow Specific Ciphers > TLS_AES_128_GCM_SHA256 Security > Cipher Preferences > Deny Specific Ciphers > TLS_AES_128_GCM_SHA256 It allows to allow and deny same Ciphers same time. Version-Release number of selected component (if applicable): 389-ds-base-1.4.1.8-1.module+el8dsrv+4209+f45880df.x86_64 How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: