Bug 1585022 – [downstream clone - 4.2.4] Add option to configure cipher list available for encrypted connections

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1585022 - [downstream clone - 4.2.4] Add option to configure cipher list available for encrypted connections

Summary:	[downstream clone - 4.2.4] Add option to configure cipher list available for ...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	vdsm (Show other bugs)
Sub Component:
Version:	4.2.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity high
Target Milestone:	ovirt-4.2.4
Target Release:	---
Assigned To:	Piotr Kliczewski
QA Contact:	Jiri Belka
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	1585008 1641455
Blocks:	1577594
	Show dependency tree / graph

Reported:	2018-06-01 03:28 EDT by RHV Bugzilla Automation and Verification Bot
Modified:	2018-10-22 02:14 EDT (History)
CC List:	11 users (show)

See Also:
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	This release adds a new 'ssl_ciphers' option to VDSM, which allows you to configure available ciphers for encrypted connections (for example, the Manager to VDSM, or VDSM to VDSM). The values of this option conform to OpenSSL standard. To set this option: 1. Move the host to Maintenance in the Manager. 2. Create a new /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf file with the following content: [vars] ssl_ciphers = <VALUE> where <VALUE> is one of the values described in the CIPHERS STRINGD section in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html. 3. Restart VDSM. 4. Activate the host in the Manager.
Story Points:	---
Clone Of:	1585008
Environment:
Last Closed:	2018-06-27 06:02:46 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	91474	None	None	None	2018-06-01 03:28 EDT
oVirt gerrit	91627	None	None	None	2018-06-01 03:28 EDT
Red Hat Product Errata	RHEA-2018:2072	None	None	None	2018-06-27 06:03 EDT

Groups: None (edit)

Description RHV Bugzilla Automation and Verification Bot 2018-06-01 03:28:49 EDT

+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1585008 +++
======================================================================

Description of problem:

Add ssl_ciphers option to be able to configure available ciphers for encrypted connections. Values of this options conforms to OpenSSL standards: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

(Originally by Martin Perina)

Comment 2 Jiri Belka 2018-06-01 08:46:41 EDT

ok, vdsm-4.20.29-1.el7ev.x86_64

# cat /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf 
[vars]
ssl_ciphers = HIGH

tested migration between non-updated and updated vdsm hosts in 4.2 env

Comment 6 errata-xmlrpc 2018-06-27 06:02:46 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2072

Note You need to log in before you can comment on or make changes to this bug.