Bug 1942592

Summary: ECDHE ciphers missing in rh-nodejs12 [rhscl-3.6.z]
Product: Red Hat Software Collections
Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: nodejs
Assignee: Jan Staněk <jstanek>
Status: CLOSED ERRATA
QA Contact: Jan Houska <jhouska>
Severity: high
Priority: unspecified
Version: rh-nodejs12
CC: bmikulov, hhorak, jeffrey.dillahay, jhouska, jstanek, msuchy
Target Milestone: alpha
Keywords: Reopened, Triaged, ZStream
Target Release: 3.7
Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Doc Text:
Cause: During refactoring, a part of a patch was missed which was necessary to properly set up ECDHE negotiation with OpenSSL 1.0.*.
Consequence: No ECDHE ciphers (i.e. ECDHE-RSA-AES128-GCM-SHA256) could be negotiated with the server.
Fix: Missing parts of ECDHE setup were reinstated.
Result: ECDHE ciphers can be negotiated.
Clone Of: 1910749
Last Closed: 2021-07-28 08:33:07 UTC
Bug Depends On: 1910749

Comment 2 Jan Staněk 2021-07-08 12:33:05 UTC
The release with the fix will be delivered in the rhscl-3.7.z stream; we did not manage to release one in rhscl-3.6.z. Closing as nextrelease.

Comment 3 Jan Staněk 2021-07-13 15:30:45 UTC
Re-opening as a tracking bug for rhscl-3.7.z.

Comment 7 Jan Houska 2021-07-22 16:01:29 UTC
VERIFIED:


NEW PASS:
version:
rh-nodejs12-nodejs-12.22.2-1.el7.ppc64le


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 07:46:19 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 07:46:19 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 07:46:19 ] :: [   LOG    ] :: Reporoducer is running on PID=25963
:: [ 07:46:20 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 07:46:20 ] :: [   PASS   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 0)
:: [ 07:46:20 ] :: [  BEGIN   ] :: Running 'kill 25963'
/usr/share/beakerlib/testing.sh: line 756: 25963 Terminated              node server.js &>server.log
:: [ 07:46:20 ] :: [   PASS   ] :: Command 'kill 25963' (Expected 0, got 0)
:: [ 07:46:20 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 07:46:20 ] :: [   PASS   ] :: File 'curl.log' should contain 'OK' 
:: [ 07:46:20 ] :: [   PASS   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100     2  100     2    0     0      8      0 --:--:-- --:--:-- --:--:--     8
OK--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 6 good, 0 bad
::   RESULT: PASS


OLD FAIL
version:
rh-nodejs12-nodejs-12.21.0-1.el7.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:55:25 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 11:55:25 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 11:55:25 ] :: [   LOG    ] :: Reporoducer is running on PID=9077
:: [ 11:55:26 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 11:55:27 ] :: [   FAIL   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 35)
:: [ 11:55:27 ] :: [  BEGIN   ] :: Running 'kill 9077'
/usr/share/beakerlib/testing.sh: řádek 756:  9077 Ukončen (SIGTERM)      node server.js &>server.log
:: [ 11:55:27 ] :: [   PASS   ] :: Command 'kill 9077' (Expected 0, got 0)
:: [ 11:55:27 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 11:55:27 ] :: [   FAIL   ] :: File 'curl.log' should contain 'OK' 
:: [ 11:55:27 ] :: [   FAIL   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 2s
::   Assertions: 3 good, 3 bad
::   RESULT: FAIL (Test)

Comment 11 errata-xmlrpc 2021-07-28 08:33:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2931