1585022 – [downstream clone - 4.2.4] Add option to configure cipher list available for encrypted connections

Bug 1585022 - [downstream clone - 4.2.4] Add option to configure cipher list available for encrypted connections

Summary: [downstream clone - 4.2.4] Add option to configure cipher list available for ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	vdsm
Sub Component:
Version:	4.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-4.2.4
Target Release:	---
Assignee:	Piotr Kliczewski
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:
Depends On:	1585008 1641455
Blocks:	1577594
TreeView+	depends on / blocked

Reported:	2018-06-01 07:28 UTC by RHV bug bot
Modified:	2021-09-09 14:27 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	This release adds a new 'ssl_ciphers' option to VDSM, which allows you to configure available ciphers for encrypted connections (for example, the Manager to VDSM, or VDSM to VDSM). The values of this option conform to OpenSSL standard. To set this option: 1. Move the host to Maintenance in the Manager. 2. Create a new /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf file with the following content: [vars] ssl_ciphers = <VALUE> where <VALUE> is one of the values described in the CIPHERS STRINGD section in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html. 3. Restart VDSM. 4. Activate the host in the Manager.
Clone Of:	1585008
Environment:
Last Closed:	2018-06-27 10:02:46 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:
Flags:	pmatyas: testing_plan_complete+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-43508	None	None	None	2021-09-09 14:27:55 UTC
Red Hat Product Errata	RHEA-2018:2072	None	None	None	2018-06-27 10:03:30 UTC
oVirt gerrit	91474	'None'	MERGED	ssl: configurable ciphers	2020-02-25 13:11:52 UTC
oVirt gerrit	91627	'None'	MERGED	ssl: configurable ciphers	2020-02-25 13:11:52 UTC

Description RHV bug bot 2018-06-01 07:28:49 UTC

+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1585008 +++
======================================================================

Description of problem:

Add ssl_ciphers option to be able to configure available ciphers for encrypted connections. Values of this options conforms to OpenSSL standards: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

(Originally by Martin Perina)

Comment 2 Jiri Belka 2018-06-01 12:46:41 UTC

ok, vdsm-4.20.29-1.el7ev.x86_64

# cat /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf 
[vars]
ssl_ciphers = HIGH

tested migration between non-updated and updated vdsm hosts in 4.2 env

Comment 6 errata-xmlrpc 2018-06-27 10:02:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2072

Comment 7 Franta Kust 2019-05-16 13:07:14 UTC

BZ<2>Jira Resync

Comment 8 Daniel Gur 2019-08-28 13:13:58 UTC

sync2jira

Comment 9 Daniel Gur 2019-08-28 13:18:13 UTC

sync2jira

Note You need to log in before you can comment on or make changes to this bug.