Bug 1277391 - Default values for secure-socket-protocol parameters in rhq-server.properties file need to be changed
Default values for secure-socket-protocol parameters in rhq-server.properties...
Status: NEW
Product: RHQ Project
Classification: Other
Component: Configuration (Show other bugs)
4.12
Unspecified Unspecified
unspecified Severity unspecified (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
Mike Foley
:
Depends On:
Blocks: 1277389
  Show dependency treegraph
 
Reported: 2015-11-03 03:51 EST by bkramer
Modified: 2015-11-03 03:51 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description bkramer 2015-11-03 03:51:24 EST
Description of problem:

Currently, security.secure-socket-protocol parameters from rhq-server.properties file are set as:

    ** rhq.server.client.security.secure-socket-protocol=TLS
    ** rhq.communications.connector.security.secure-socket-protocol=TLS
    ** rhq.server.tomcat.security.secure-socket-protocol=TLS

This worked fine in all versions prior to RHQ 4.12 (version equivalent to JBoss ON 3.3.4). However, in the latest RHQ 4.12 (equivalent JBoss ON 3.3.4), protocol without version is not accepted any more. 

So, above "TLS" value should be replaced with "TLSv1,TLSv1.1,TLSv1.2".



Version-Release number of selected component (if applicable):
RHQ 4.12 (equivalent to JON 3.3.4)

How reproducible:
Always

Steps to Reproduce:


Actual results:
Attempt to log in using https and 7443 port fails and on Firefox the following error is shown ssl_error_no_cypher_overlap. The same attempt on Chrome fails with ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Expected results:
No error is thrown and attempt to log in using https and 7443 works fine.

Additional info:

Note You need to log in before you can comment on or make changes to this bug.