Description of problem:
Add ssl_ciphers option to be able to configure available ciphers for encrypted connections. Values of this option conform to OpenSSL standards: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
Verified on vdsm-4.30.4-1.el7ev.x86_64

Only ciphers with key lengths larger than 128 bits work now by default; this can be changed in vdsm.conf.
Copied approved Doc_text from cloned downstream - https://bugzilla.redhat.com/show_bug.cgi?id=1585022

"This release adds a new 'ssl_ciphers' option to VDSM, which allows you to configure available ciphers for encrypted connections (for example, the Manager to VDSM, or VDSM to VDSM). The values of this option conform to the OpenSSL standard.

To set this option:
1. Move the host to Maintenance in the Manager.
2. Create a new /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf file with the following content:

   [vars]
   ssl_ciphers = <VALUE>

   where <VALUE> is one of the values described in the CIPHER STRINGS section in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
3. Restart VDSM.
4. Activate the host in the Manager."
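A pre-check for step 2 of the Doc Text above, added here as an example and not part of the bug report or of VDSM's code: it reads `ssl_ciphers` from drop-in content, expands the cipher string with the local OpenSSL through Python's `ssl` module, and lists the ciphers whose key strength is 128 bits or less. The sample file content and the function names are constructed for illustration, and the result reflects the OpenSSL build that the Python interpreter running the script is linked against.

```python
import configparser
import ssl

# Constructed drop-in content in the layout the Doc Text gives; the cipher
# string is an example value, not a recommendation taken from the bug.
SAMPLE_CONF = """\
[vars]
ssl_ciphers = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
"""


def read_ssl_ciphers(conf_text):
    """Return the ssl_ciphers value from the [vars] section of a drop-in."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return parser.get("vars", "ssl_ciphers")


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string to {name: strength_bits}.

    Raises ssl.SSLError when the string selects no cipher at all. TLS 1.3
    suites are skipped: OpenSSL configures them separately, so the cipher
    string does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def at_or_below(ciphers, bits=128):
    """Names of ciphers whose key strength is not larger than `bits`."""
    return sorted(name for name, strength in ciphers.items() if strength <= bits)


if __name__ == "__main__":
    value = read_ssl_ciphers(SAMPLE_CONF)
    try:
        selected = expand_cipher_string(value)
    except ssl.SSLError as exc:
        raise SystemExit(f"ssl_ciphers = {value!r} selects nothing: {exc}")
    for name, strength in selected.items():
        print(f"{strength:>4} bits  {name}")
    print("128 bits or less:", at_or_below(selected) or "none")
```

A cipher string that expands to nothing fails here with `ssl.SSLError`, before the host is restarted with it.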
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1077