Description of problem: With ssl enabled set up when we are doing any cifs mount or windows mount with basic IO we are encountering continuous cipher error messages as below [2016-11-24 09:37:07.174449] E [socket.c:4102:socket_init] 0-samba-official-client-3: failed to open /etc/ssl/dhparam.pem, DH ciphers are disabled Version-Release number of selected component (if applicable): samba-4.4.6-2.el7rhgs.x86_64 glusterfs-cli-3.8.4-5.el7rhgs.x86_64 How reproducible: 1/1 Steps to Reproduce: 1.WIth SSL enabled setup of a 4 node cluster 2.Do a cifs mount 3.Do a windows mount 4.Copy paste data into the share Actual results: [2016-11-24 09:37:07.174449] E [socket.c:4102:socket_init] 0-samba-official-client-3: failed to open /etc/ssl/dhparam.pem, DH ciphers are disabled Expected results: Should not get any error messages Additional info:
This is not the real functional issue. Diffie-Hellman algorithm makes use of the largest prime number that is provided by openssl package earlier. openssl no longer ships this prime number for security reasons, though one can generate the largest prime number and store it in dhparam.pem. These logs indicate that there are no prime numbers available. TLS will not be using Diffie-Hellman algorithm and uses some other secured algorithm. So this error message is benign and could be safely ignored. I would rather ask for change in log-level of this message so that it could be moved from 'ERROR' to 'INFO', that would help users not to get worried about these messages.
REVISION POSTED: https://review.gluster.org/21108 (Modify log message 'DH ciphers are disabled' from ERROR to INFO) posted (#2) for review on master by Amar Tumballi