Description of problem:
Hardcoded and very low grade ciphers enabled in libiksemel:

const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };

SSL3, 3DES, RC4, SSL compression…

With this setting not only low grade ciphers are available, but higher grades are disabled. So this is a major security issue, also affecting stable.

Version-Release number of selected component (if applicable):
1.4-6

How reproducible:
Always

Additional info:
See issue in upstream github: https://github.com/meduketto/iksemel/issues/48
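An added example, not part of the report or of iksemel: a small source audit that parses hardcoded GnuTLS priority arrays like the ones quoted above, flags the low grade entries, and notes lists that contain nothing stronger. The `WEAK` and `STRONG` tables are this example's assumptions (MD5 is included although the report does not name it), and the "missing" check keys on the array names used in the report.

```python
import re

# Low grade entries: those named in the report, plus MD5 (added by this example).
WEAK = {
    "GNUTLS_SSL3": "SSL 3.0 protocol",
    "GNUTLS_CIPHER_3DES_CBC": "3DES cipher",
    "GNUTLS_CIPHER_ARCFOUR": "RC4 cipher",
    "GNUTLS_COMP_ZLIB": "TLS-level compression",
    "GNUTLS_MAC_MD5": "MD5 MAC",
}
# Assumption of this example: prefixes that count as a "higher grade" entry.
STRONG = {
    "protocol_priority": ("GNUTLS_TLS1_1", "GNUTLS_TLS1_2", "GNUTLS_TLS1_3"),
    "cipher_priority": ("GNUTLS_CIPHER_AES_", "GNUTLS_CIPHER_CHACHA20_"),
}
ARRAY = re.compile(r"const\s+int\s+(\w+)\s*\[\]\s*=\s*\{([^}]*)\}")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def parse_priority_arrays(source):
    """Return {array_name: [entries]} for zero-terminated int arrays."""
    arrays = {}
    for name, body in ARRAY.findall(COMMENT.sub("", source)):
        entries = [e.strip() for e in body.split(",")]
        arrays[name] = [e for e in entries if e and e != "0"]
    return arrays

def audit(source):
    """Return (array, kind, detail) findings; kind is 'weak' or 'missing'."""
    findings = []
    for name, entries in parse_priority_arrays(source).items():
        for entry in entries:
            if entry in WEAK:
                findings.append((name, "weak", f"{entry}: {WEAK[entry]}"))
        wanted = STRONG.get(name)
        if wanted and not any(e.startswith(wanted) for e in entries):
            findings.append((name, "missing", "no higher grade entry in list"))
    return findings

# The five arrays exactly as quoted in the report.
REPORTED = """
const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
"""

if __name__ == "__main__":
    for name, kind, detail in audit(REPORTED):
        print(f"{name:18} {kind:8} {detail}")
```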
Perhaps consider pulling from https://github.com/timothytylee/iksemel-1.4 , upstream seems to be unmaintained.
The github branch you link to isn't any better, iksemel is effectively abandoned. I do not have the time/desire to take on maintenance and as far as I can see no one else does either.
In case it's not obvious, iksemel has been retired on both the rawhide and epel7 branches and should disappear from EPEL7 soon. This will leave zabbix{20,22}-server-{mysql,pgsql} with broken dependencies. It's still available in EPEL6, though; perhaps it should be retired there as well. This will of course leave more broken dependencies in the various zabbix releases.
Yes, I was the one that just retired those branches. I just did EL6 as well. I emailed the zabbix and asterisk owners as well as the development list and no one seemed to care. From what I know of the Zabbix and Asterisk packaging it should be fairly easy to rebuild both packages without iksemel. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/I5442Q55W7YE6ZFFDBZIUBE7KM2ZNTM3/
*** Bug 1600897 has been marked as a duplicate of this bug. ***