1511962 – [RFE] Enable TLSv12 support by default

Bug 1511962 - [RFE] Enable TLSv12 support by default

Summary: [RFE] Enable TLSv12 support by default

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	vdsm
Sub Component:
Version:	4.1.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-4.2.0
Target Release:	---
Assignee:	Piotr Kliczewski
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1513886
TreeView+	depends on / blocked

Reported:	2017-11-10 14:09 UTC by Martin Perina
Modified:	2021-06-10 13:34 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Release Note
Doc Text:	Previously, TLSv12 support was backported into Red Hat Virtualization 4.1.5 (BZ#1412552) but it was turned off by default and enabling TLSv12 required manual configuration. Now, TLSv12 support is enabled by default and no manual configuration is required.
Clone Of:
Clones:	1513886 (view as bug list)
Environment:
Last Closed:	2018-05-15 17:52:46 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:
Flags:	lsvaty: testing_plan_complete-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2018:1489	0	None	None	None	2018-05-15 17:53:52 UTC

Description Martin Perina 2017-11-10 14:09:29 UTC

Description of problem:

We have backported TLSv12 support into RHV 4.1.5 (BZ1412552), but it was turned off by default and enabled TLSv12 required manual configuration. We want to enable TLSv12 by default to make it aligned with RHV 4.2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Martin Perina 2017-11-16 08:43:50 UTC

Marking as TestOnly because in 4.2 we have already enabled TLSv12 by default as a part of BZ1408847

Comment 3 Red Hat Bugzilla Rules Engine 2017-11-22 09:33:47 UTC

The documentation text flag should only be set after 'doc text' field is provided. Please provide the documentation text and set the flag to '?' again.

Comment 4 Piotr Kliczewski 2017-12-01 08:28:38 UTC

Changing the target since the fix was part of 4.1.8 RC.

Comment 5 Martin Perina 2017-12-01 08:48:02 UTC

(In reply to Piotr Kliczewski from comment #4)
> Changing the target since the fix was part of 4.1.8 RC.

Moving back, for 4.1.8 we have clone BZ1513886

Comment 6 Jiri Belka 2017-12-07 16:04:46 UTC

ok

(this bz exists only to allow backporting this into 4.1.8)

# rpm2cpio vdsm-python-4.20.9-1.el7ev.noarch.rpm | cpio --to-stdout -i  './usr/lib/python2.7/site-packages/vdsm/common/config.py' 2>/dev/null | grep -A 2 ssl_protocol
        ('ssl_protocol', 'sslv23',
            'SSL protocol used by encrypted connection'),

Comment 11 errata-xmlrpc 2018-05-15 17:52:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1489

Comment 12 Franta Kust 2019-05-16 13:05:46 UTC

BZ<2>Jira Resync

Note You need to log in before you can comment on or make changes to this bug.