Bug 1659155 - NoVNC with E2E encryption fails with Unsupported security types: 19
Summary: NoVNC with E2E encryption fails with Unsupported security types: 19
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: WebSocket Proxy
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: ovirt-4.3.0
: ---
Assignee: Tomasz Barański
QA Contact: Liran Rotenberg
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-13 17:23 UTC by Liran Rotenberg
Modified: 2019-02-13 07:43 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-02-13 07:43:01 UTC
oVirt Team: Virt
Embargoed:
rule-engine: ovirt-4.3+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 96382 0 None MERGED core: NoVNC with E2E encryption fails 2020-05-15 07:34:27 UTC

Description Liran Rotenberg 2018-12-13 17:23:42 UTC 
Description of problem:
When end to end encryption is enabled for VNC. Triggering NoVNC console results with: "Unsupported security types: 19".

Version-Release number of selected component (if applicable):
ovirt-engine-4.3.0-0.4.master.20181207184726.git7928cae.el7.noarch
novnc-0.5.1-2.el7.noarch

How reproducible:
100%

Steps to Reproduce:
Note: Steps 1-2 are if the VNC encryption isn't set)
1. Set the cluster with VNC encryption(Cluster->Enable VNC Encryption)
2. Reinstall the host to apply the changes
3. Verify the host with VNC encryption:
# cat /etc/libvirt/qemu.conf | grep "vnc_tls = 1"
Watch that it's not commented.
4. Run VM with VNC console
5. Check the VM is with VNC encryption:
# ps -ef | grep qemu
You should see:
tls,x509 in it.
6. Start NoVNC console to the VM.

Actual results:
Console isn't open, Got the error: "Unsupported security types: 19".

Expected results:
Console open as usual.

Additional info:
This is regression caused by BZ: 1597085
Comment 1 Michal Skrivanek 2018-12-14 06:31:36 UTC 
python-websockify version?
Comment 2 Tomasz Barański 2018-12-14 08:11:37 UTC 
Initial investigation points to the engine rather than Python-based proxy.
Comment 3 Liran Rotenberg 2018-12-14 16:18:27 UTC 
(In reply to Michal Skrivanek from comment #1)
> python-websockify version?

python-websockify-0.8.0-3.el7.noarch
Comment 4 Liran Rotenberg 2019-01-22 11:42:41 UTC 
Verified on:
ovirt-engine-4.3.0-0.8.master.20190120162615.git5926f20.el7.noarch
novnc-0.5.1-2.el7.noarch
python-websockify-0.8.0-3.el7.noarch
Firefox 59.0.2 (64-bit)

Steps:
Note: Steps 1-2 are if the VNC encryption isn't set)
1. Set the cluster with VNC encryption(Cluster->Enable VNC Encryption)
2. Reinstall the host to apply the changes
3. Verify the host with VNC encryption:
# cat /etc/libvirt/qemu.conf | grep "vnc_tls = 1"
Watch that it's not commented.
4. Run VM with VNC console
5. Check the VM is with VNC encryption:
# ps -ef | grep qemu
You should see:
tls,x509 in it.
6. Start NoVNC console to the VM.

Result:
Checked with firefox, NoVNC console is working.
Tested by changed configuration in about:config, security.tls.version.min and security.tls.version.max, only TLS 1.0 didn't work.
SSL 3.0, TLS 1.1, TLS 1.2 worked as expected in NoVNC.
Comment 5 Sandro Bonazzola 2019-02-13 07:43:01 UTC 
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.