Description of problem: At the moment we limit protocol negotiation to TLSv1.0, because issues with m2crypto in the past. We were not able to reproduce those issues in latest m2crypto on EL7, so we can remove this limit and allow engine to negotiate highest TLS version available on VDSM side. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Retargeting to 4.1.1 to allow more extensive testing of the feature
ok, ovirt-engine-4.1.1.3-0.1.el7.noarch 1. VdsmSSLProtocol = TLSv1.2 vs ssl_protocol = tlsv1 > client tls 1.2, agreed tls 1.0 2. VdsmSSLProtocol = TLSv1.2 vs ssl_protocol = sslv23 > client tls 1.2, agreed tls 1.2