Bug 1421204 - Allow TLSv1.2 during protocol negotiation for external provider communication
Summary: Allow TLSv1.2 during protocol negotiation for external provider communication
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: BLL.Infra
Version: ---
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ovirt-4.1.3
: 4.1.3
Assignee: Martin Perina
QA Contact: Jiri Belka
URL:
Whiteboard:
Depends On:
Blocks: RHV_TLS_1_2_SUPPORT
TreeView+ depends on / blocked
 
Reported: 2017-02-10 15:24 UTC by Martin Perina
Modified: 2017-07-06 13:19 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Previous versions of Red Hat Virtualization were able to negotiate encryption protocol up to TLSv1 for external provider communication. This update adds the the ability to negotiate encryption protocol up to TLSv1.2. Note: The exact version used for communication depends on highest version available on the external provider target.
Clone Of:
Environment:
Last Closed: 2017-07-06 13:19:36 UTC
oVirt Team: Infra
rule-engine: ovirt-4.1+
mgoldboi: planning_ack+
mperina: devel_ack+
lsvaty: testing_ack+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 72083 0 master MERGED core: Allow TLSv1.2 for external provider communication 2017-03-24 13:23:35 UTC
oVirt gerrit 76940 0 ovirt-engine-4.1 MERGED core: Allow TLSv1.2 for external provider communication 2017-05-17 13:06:31 UTC

Description Martin Perina 2017-02-10 15:24:49 UTC
Description of problem:

Currently we allow protocol negotiation only up to TLSv1.0. We should remove this limit and allow negotiation up to TLSv1.2 for communication with external providers like Foreman, Neutron or Glance.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Jiri Belka 2017-06-20 15:18:49 UTC
ok, ovirt-engine-4.1.3.4-0.1.el7.noarch (Version: TLS 1.2 (0x0303)

check with wireshark and satellite private keys while adding satellite as external provider


Note You need to log in before you can comment on or make changes to this bug.