Description of problem: [root@jbelka-vm2 ~]# engine-config -s VdsmSSLProtocol="Blablav1.9" [root@jbelka-vm2 ~]# engine-config -g VdsmSSLProtocol VdsmSSLProtocol: Blablav1.9 version: general engine=# select * from vdc_options where option_name ilike '%vdsmsslprotocol%'; option_id | option_name | option_value | version -----------+-----------------+--------------+--------- 255 | VdsmSSLProtocol | Blablav1.9 | general (1 row) rhevm-4.0.7.1-0.1.el7ev.noarch engine-config should be strict enough to check most important inputs. we obviously do not have coded allowable values for some, just value type string :/ Version-Release number of selected component (if applicable): rhevm-4.0.7.1-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. try to put whatever string into a option which accepts just known values 2. check what was saved 3. Actual results: we can put whatever into DB Expected results: be more strict, at least for most important values Additional info:
This option is no longer relevant to users, because in both 4.1 and 4.0.7 it's set to TLSv1.2 by default, which means we will always try to negotiate highest available TLS version provided by VDSM on the host. I don't see any reason why users want to limit negotiation to TLSv1.1 (or even TLSv1 which is no longer considered secure). So we would like to remove VdsmSSLProtocol from public engine-config properties, because it's only relevant to QA/developers and they could change that directly in the db
[root@jbelka-vm1 ~]# engine-config -g VdsmSSLProtocol; rpm -q rhevm Error fetching VdsmSSLProtocol value: no such entry. Please verify key name and property file support. rhevm-4.1.2.1-0.1.el7.noarch