Bug 1740516 - [OSP17] NO VNC proxy allows weak encryption protocols and ciphers (SSL V3, TLS<1.2, CBC, RC4, 3DES)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: Alpha
Target Release: 17.0
Assignee: melanie witt
QA Contact: James Parker
URL:
Whiteboard:
Duplicates: 1740520 1740523 1740527
Depends On:
Blocks: 1806704 1897698
 
Reported: 2019-08-13 07:51 UTC by Francois Duthilleul
Modified: 2022-09-21 12:09 UTC (History)

Fixed In Version: openstack-nova-20.1.0-0.20200312134520.e20e731.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1805070 1897698
Environment:
Last Closed: 2022-09-21 12:07:58 UTC
Target Upstream Version: Ussuri
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Launchpad | 1842149 | 0 | None | None | None | 2019-08-31 01:10:05 UTC
OpenStack gerrit | 679502 | 0 | 'None' | MERGED | Allow TLS ciphers/protocols to be configurable for console proxies | 2021-02-15 15:40:06 UTC
OpenStack gerrit | 723920 | 0 | None | MERGED | Update Nova VNC puppet variables | 2021-02-15 15:40:07 UTC
Red Hat Issue Tracker | OSP-373 | 0 | None | None | None | 2021-12-26 11:57:25 UTC
Red Hat Product Errata | RHEA-2022:6543 | 0 | None | None | None | 2022-09-21 12:09:15 UTC

Comment 2 Nathan Kinder 2019-08-30 17:47:32 UTC
*** Bug 1740520 has been marked as a duplicate of this bug. ***

Comment 3 Nathan Kinder 2019-08-30 17:50:42 UTC
*** Bug 1740523 has been marked as a duplicate of this bug. ***

Comment 4 Nathan Kinder 2019-08-30 17:51:16 UTC
*** Bug 1740527 has been marked as a duplicate of this bug. ***

Comment 10 melanie witt 2019-09-06 16:31:08 UTC
Note that the nova patch cannot be backported upstream in its current form because of the hard dependency on websockify 0.9.0. I've noted on the patch an option for a potential backport, but it's a bit wonky and I'm not sure whether this bug would be considered severe enough to warrant doing it. If anyone could weigh in, I would appreciate it.

Comment 11 Nathan Kinder 2019-09-06 18:19:11 UTC
I have added an initial WIP patch for the T-H-T portion of this issue here:

  https://review.opendev.org/680752

Comment 20 Cyril Lopez 2020-01-13 08:48:03 UTC
Hello Melanie,

It looks like there is a -1 on the patch.

Could you have a look, please?

Thanks,
Cyril

Comment 23 Artom Lifshitz 2020-02-19 16:31:02 UTC
As this has not merged in upstream Train, retargeting to 17 to reflect the fact that it will (hopefully) land in upstream Ussuri.

Comment 24 melanie witt 2020-02-24 19:29:54 UTC
The nova patch has merged: https://review.opendev.org/679502

I moved the puppet-nova and openstack-tripleo-heat-templates gerrit links to their respective rhbzs:

https://bugzilla.redhat.com/show_bug.cgi?id=1806704

https://bugzilla.redhat.com/show_bug.cgi?id=1805070

Comment 44 errata-xmlrpc 2022-09-21 12:07:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543

