Reducing severity to high as we need to wait if/how underlying RHEL issue is handled. But at the moment we cannot do anything about it

(In reply to Martin Perina from comment #1)
> Reducing severity to high as we need to wait if/how underlying RHEL issue is
> handled. But at the moment we cannot do anything about it

Any updates?

(In reply to Yaniv Kaul from comment #2)
> (In reply to Martin Perina from comment #1)
> > Reducing severity to high as we need to wait if/how underlying RHEL issue is
> > handled. But at the moment we cannot do anything about it
> 
> Any updates?

We can't do anything, platform needs to provide a fix for that (more info in BZ1481280).

So according to platform bug BZ1481280, they will not re-enable no longer secure cipher 3des-cbc, so the only way how to use the cipher is to specify it in additional paramater for fence_drac5 agent using Options field in webadmin:

  ssh_options="-oCiphers=+3des-cbc"

Unfortunately we are not able to enter such value into Options field as it somehow breaks our current validation.

Using ovirt-engine-4.1.8.1-0.1.el7.noarch and adding ssh_options="-oCiphers=+3des-cbc" still gives me unable to login error

Moving back to modified, because we have already provided the infra to be able to set key=key=value into Options field of Fence Agent.

If platform doesn't change the defaults, then users will need to set login_timeout=30 along with ssh_options="-oCiphers=+3des-cbc" into Options field. Otherwise specifying ssh_options is enough

Verified on ovirt-engine-4.1.9-0.2.el7.noarch

Using these values in options field: ssh_options="-oCiphers=+3des-cbc,login_timeout=30

This bugzilla is included in oVirt 4.1.9 release, published on Jan 24th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.1.9 release, published on Jan 24th 2018, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.