Bug 1942591

Summary: ECDHE ciphers missing in rh-nodejs14 [rhscl-3.7.z]
Product: Red Hat Software Collections Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: nodejsAssignee: Jan Staněk <jstanek>
Status: CLOSED ERRATA QA Contact: Jan Houska <jhouska>
Severity: high Docs Contact:
Priority: unspecified    
Version: rh-nodejs14CC: bmikulov, hhorak, jeffrey.dillahay, jhouska, jstanek, msuchy, yuri
Target Milestone: alphaKeywords: Triaged, ZStream
Target Release: 3.7Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: During refactoring, a part of a patch was missed which was necessary to properly setup ECDHE negotiation with OpenSSL 1.0.*. Consequence: No ECDHE ciphers (i.e. ECDHE-RSA-AES128-GCM-SHA256) could be negotiated with the server. Fix: Missing parts of ECDHE setup were reinstated. Result: ECDHE ciphers can be negotiated.
Story Points: ---
Clone Of: 1934642 Environment:
Last Closed: 2021-07-28 08:36:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1934642    
Bug Blocks:    

Comment 6 Jan Houska 2021-07-22 16:56:10 UTC
VERIFIED

NEW PASS
Version:
rh-nodejs14-nodejs-14.17.2-1.el7



::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 08:55:02 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 08:55:02 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 08:55:02 ] :: [   LOG    ] :: Reporoducer is running on PID=32719
:: [ 08:55:03 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 08:55:03 ] :: [   PASS   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 0)
:: [ 08:55:03 ] :: [  BEGIN   ] :: Running 'kill 32719'
/usr/share/beakerlib/testing.sh: line 756: 32719 Terminated              node server.js &>server.log
:: [ 08:55:03 ] :: [   PASS   ] :: Command 'kill 32719' (Expected 0, got 0)
:: [ 08:55:03 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 08:55:03 ] :: [   PASS   ] :: File 'curl.log' should contain 'OK' 
:: [ 08:55:03 ] :: [   PASS   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100     2  100     2    0     0      6      0 --:--:-- --:--:-- --:--:--     6
OK--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 6 good, 0 bad
::   RESULT: PASS


OLD FAIL:
version:  
rh-nodejs14-nodejs-14.16.0-1.el7.x86_64

::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 12:53:23 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 12:53:23 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 12:53:23 ] :: [   LOG    ] :: Reporoducer is running on PID=9079
:: [ 12:53:24 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 12:53:24 ] :: [   FAIL   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 35)
:: [ 12:53:24 ] :: [  BEGIN   ] :: Running 'kill 9079'
/usr/share/beakerlib/testing.sh: řádek 756:  9079 Ukončen (SIGTERM)      node server.js &>server.log
:: [ 12:53:24 ] :: [   PASS   ] :: Command 'kill 9079' (Expected 0, got 0)
:: [ 12:53:24 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 12:53:24 ] :: [   FAIL   ] :: File 'curl.log' should contain 'OK' 
:: [ 12:53:24 ] :: [   FAIL   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 3 good, 3 bad
::   RESULT: FAIL (Test)

Comment 10 errata-xmlrpc 2021-07-28 08:36:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2932