Bug 1491691 - rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
Summary: rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: rpc
Version: 3.10
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: bugs@gluster.org
QA Contact:
URL:
Whiteboard:
Depends On: 1491025
Blocks: glusterfs-3.10.6 1491690
TreeView+ depends on / blocked
 
Reported: 2017-09-14 12:23 UTC by Kaleb KEITHLEY
Modified: 2017-10-06 17:11 UTC (History)
1 user (show)

Fixed In Version: glusterfs-3.10.6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1491025
Environment:
Last Closed: 2017-10-06 17:11:53 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Kaleb KEITHLEY 2017-09-14 12:23:53 UTC
+++ This bug was initially created as a clone of Bug #1491025 +++

Description of problem:

Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate that TLSv1_2_method() is now deprecated. As per the SSL man page:

TLS_method(), TLS_server_method(), TLS_client_method()
  These are the general-purpose version-flexible SSL/TLS methods.  The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server.  The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.  Applications should use these methods, and avoid the version-specific methods described below.
...
  TLSv1_2_method(), ...
...

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Worker Ant on 2017-09-12 15:37:16 EDT ---

REVIEW: https://review.gluster.org/18268 (rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1) posted (#1) for review on master by Kaleb KEITHLEY (kkeithle@redhat.com)

--- Additional comment from Worker Ant on 2017-09-13 08:12:37 EDT ---

REVIEW: https://review.gluster.org/18268 (rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1) posted (#2) for review on master by Kaleb KEITHLEY (kkeithle@redhat.com)

--- Additional comment from Worker Ant on 2017-09-13 14:22:52 EDT ---

COMMIT: https://review.gluster.org/18268 committed in master by Jeff Darcy (jeff@pl.atyp.us) 
------
commit 0643510e9852059b465e99f4ea255a3d3aeb9e86
Author: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date:   Tue Sep 12 15:34:15 2017 -0400

    rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
    
    Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate
    that TLSv1_2_method() is now deprecated. As per the SSL man page:
    
      TLS_method(), TLS_server_method(), TLS_client_method()
        These are the general-purpose version-flexible SSL/TLS methods.
        The actual protocol version used will be negotiated to the highest
        version mutually supported by the client and the server. The
        supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
        Applications should use these methods, and avoid the version-
        specific methods described below.
      ...
      TLSv1_2_method(), ...
      ...
    
    Note that OpenSSL-1.1 is the version of OpenSSL; Fedora 25 and RHEL 7.3
    and other distributions (still) have OpenSSL-1.0.
    
    TLS versions are orthogonal to the OpenSSL version.  TLS_method() is the
    new — in OpenSSL-1.1 — version flexible function intended to replace the
    TLSv1_2_method() function in OpenSSL-1.0 and the older (?), insecure
    TLSv23_method(). (OpenSSL-1.0 does not have TLS_method())
    
    Change-Id: I190363ccffe7c25606ea2cf30a6b9ff1ec186057
    BUG: 1491025
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
    Reviewed-on: https://review.gluster.org/18268
    Reviewed-by: Emmanuel Dreyfus <manu@netbsd.org>
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>

Comment 1 Worker Ant 2017-09-14 12:52:57 UTC
REVIEW: https://review.gluster.org/18285 (rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (kkeithle@redhat.com)

Comment 2 Worker Ant 2017-09-17 12:55:44 UTC
COMMIT: https://review.gluster.org/18285 committed in release-3.10 by Shyamsundar Ranganathan (srangana@redhat.com) 
------
commit b221e51609f558d96652679943326e940d52e2db
Author: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date:   Tue Sep 12 15:34:15 2017 -0400

    rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
    
    Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate
    that TLSv1_2_method() is now deprecated. As per the SSL man page:
    
      TLS_method(), TLS_server_method(), TLS_client_method()
        These are the general-purpose version-flexible SSL/TLS methods.
        The actual protocol version used will be negotiated to the highest
        version mutually supported by the client and the server. The
        supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
        Applications should use these methods, and avoid the version-
        specific methods described below.
      ...
      TLSv1_2_method(), ...
      ...
    
    Note that OpenSSL-1.1 is the version of OpenSSL; Fedora 25 and RHEL 7.3
    and other distributions (still) have OpenSSL-1.0.
    
    TLS versions are orthogonal to the OpenSSL version.  TLS_method() is the
    new — in OpenSSL-1.1 — version flexible function intended to replace the
    TLSv1_2_method() function in OpenSSL-1.0 and the older (?), insecure
    TLSv23_method(). (OpenSSL-1.0 does not have TLS_method())
    
    master: https://review.gluster.org/18268
    master BZ: 1491025
    release-3.12: https://review.gluster.org/18284
    release-3.12 BZ: 1491690
    
    Change-Id: I190363ccffe7c25606ea2cf30a6b9ff1ec186057
    BUG: 1491691
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
    Reviewed-on: https://review.gluster.org/18285
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>

Comment 3 Shyamsundar 2017-10-06 17:11:53 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.6, please open a new bug report.

glusterfs-3.10.6 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-October/000084.html
[2] https://www.gluster.org/pipermail/gluster-users/


Note You need to log in before you can comment on or make changes to this bug.