Bug 1942591
Summary: | ECDHE ciphers missing in rh-nodejs14 [rhscl-3.7.z] | ||
---|---|---|---|
Product: | Red Hat Software Collections | Reporter: | RHEL Program Management Team <pgm-rhel-tools> |
Component: | nodejs | Assignee: | Jan Staněk <jstanek> |
Status: | CLOSED ERRATA | QA Contact: | Jan Houska <jhouska> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | rh-nodejs14 | CC: | bmikulov, hhorak, jeffrey.dillahay, jhouska, jstanek, msuchy, yuri |
Target Milestone: | alpha | Keywords: | Triaged, ZStream |
Target Release: | 3.7 | Flags: | pm-rhel:
mirror+
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: During refactoring, a part of a patch was missed which was necessary to properly setup ECDHE negotiation with OpenSSL 1.0.*.
Consequence: No ECDHE ciphers (i.e. ECDHE-RSA-AES128-GCM-SHA256) could be negotiated with the server.
Fix: Missing parts of ECDHE setup were reinstated.
Result: ECDHE ciphers can be negotiated.
|
Story Points: | --- |
Clone Of: | 1934642 | Environment: | |
Last Closed: | 2021-07-28 08:36:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1934642 | ||
Bug Blocks: |
Comment 1
Jan Staněk
2021-03-25 13:27:57 UTC
VERIFIED NEW PASS Version: rh-nodejs14-nodejs-14.17.2-1.el7 :: Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 08:55:02 ] :: [ BEGIN ] :: Running reproducer :: actually running 'node server.js &> server.log &' :: [ 08:55:02 ] :: [ PASS ] :: Running reproducer (Expected 0, got 0) :: [ 08:55:02 ] :: [ LOG ] :: Reporoducer is running on PID=32719 :: [ 08:55:03 ] :: [ BEGIN ] :: Running 'curl -k https://localhost:8433 &> curl.log' :: [ 08:55:03 ] :: [ PASS ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 0) :: [ 08:55:03 ] :: [ BEGIN ] :: Running 'kill 32719' /usr/share/beakerlib/testing.sh: line 756: 32719 Terminated node server.js &>server.log :: [ 08:55:03 ] :: [ PASS ] :: Command 'kill 32719' (Expected 0, got 0) :: [ 08:55:03 ] :: [ PASS ] :: File 'server.log' should contain 'listening on 8433' --------server.log:------ listening on 8433 --------\server.log------ :: [ 08:55:03 ] :: [ PASS ] :: File 'curl.log' should contain 'OK' :: [ 08:55:03 ] :: [ PASS ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' --------curl.log:------ % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 2 100 2 0 0 6 0 --:--:-- --:--:-- --:--:-- 6 OK--------\curl.log------ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 6 good, 0 bad :: RESULT: PASS OLD FAIL: version: rh-nodejs14-nodejs-14.16.0-1.el7.x86_64 :: Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 12:53:23 ] :: [ BEGIN ] :: Running reproducer :: actually running 'node server.js &> server.log &' :: [ 12:53:23 ] :: [ PASS ] :: Running reproducer (Expected 0, got 0) :: [ 12:53:23 ] :: [ LOG ] :: Reporoducer is running on PID=9079 :: [ 12:53:24 ] :: [ BEGIN ] :: Running 'curl -k https://localhost:8433 &> curl.log' :: [ 12:53:24 ] :: [ FAIL ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 35) :: [ 12:53:24 ] :: [ BEGIN ] :: Running 'kill 9079' /usr/share/beakerlib/testing.sh: řádek 756: 9079 Ukončen (SIGTERM) node server.js &>server.log :: [ 12:53:24 ] :: [ PASS ] :: Command 'kill 9079' (Expected 0, got 0) :: [ 12:53:24 ] :: [ PASS ] :: File 'server.log' should contain 'listening on 8433' --------server.log:------ listening on 8433 --------\server.log------ :: [ 12:53:24 ] :: [ FAIL ] :: File 'curl.log' should contain 'OK' :: [ 12:53:24 ] :: [ FAIL ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' --------curl.log:------ % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s). --------\curl.log------ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 3 good, 3 bad :: RESULT: FAIL (Test) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2932 |