+++ This bug was initially created as a clone of Bug #1154184 +++ RHEV should not use SSLv3 encryption. It should use TLS instead. SSL is an old encryption type and TLS is much newer. Also, ssl is vulnerable, as per CVE-2014-3566: https://access.redhat.com/articles/1232123
Further investigation has shown that it is an openJDK update that disables SSL 3.0 by default which breaks Console
Added doc text as discussed. Could you confirm if this is fine?
doc-text looks fine
Hi Kasturi, Could you confirm if the jdk package name mentioned in the doc text is correct?
yes. The open jdk version mentioned in the doc text is correct.
Verified as fixed in rhsc-3.0.3-1.21.el6rhs. OpenJDK version installed - java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.x86_64 Tested by upgrading RHSC from rhsc-3.0.3-1.20.el6rhs to rhsc-3.0.3-1.21.el6rhs. Nodes that were non-responsive are now UP. Added a new host to the engine, and imported existing cluster. Found to be working without any issues. Option 'VdsmSSLProtocol' in engine database is set to TLSv1 - engine=# select option_name,option_value from vdc_options where option_name = 'VdsmSSLProtocol'; option_name | option_value -----------------+-------------- VdsmSSLProtocol | TLSv1 (1 row)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0168.html