Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1745431

Summary: CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) [openshift-enterprise-3.11.z]
Product: OpenShift Container Platform Reporter: Junqi Zhao <juzhao>
Component: Management ConsoleAssignee: Jakub Hadvig <jhadvig>
Status: CLOSED WONTFIX QA Contact: Yanping Zhang <yanpzhan>
Severity: medium Docs Contact:
Priority: urgent    
Version: 3.11.0CC: aos-bugs, jmartisk, jokerman, jshepherd, rvargasp, sfowler, spadgett, yanpzhan, yapei
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1745430 Environment:
Last Closed: 2020-10-07 20:53:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1773788    
Bug Blocks: 1369383    
Deadline: 2016-09-22   

Comment 1 Yanping Zhang 2019-08-28 06:41:46 UTC 
Reproduced on v3.11.141 for console image.
Comment 3 bpeterse 2019-11-13 21:42:44 UTC 
Yanping, any reason this should not also be fixed in 4.x console?

Opening https://github.com/openshift/console/pull/3389 to begin to address.
Comment 4 bpeterse 2019-11-22 16:57:33 UTC 
Jason, since we have branched for 4.3, can we get a 4.4 clone?
Comment 5 Jason Shepherd 2019-11-27 01:23:35 UTC 
Created 1777129 for 4.4
Comment 6 bpeterse 2020-05-08 16:06:29 UTC 
Waiting on 4.5 fix to backport.
Comment 8 Jakub Hadvig 2020-06-19 07:18:15 UTC 
This bug did not complete in the current cycle.  Adding UpcomingSprint to have it re-evaluated in the next sprint.
Comment 10 Jakub Hadvig 2020-07-31 14:49:50 UTC 
Will fix next sprint
Comment 13 Jakub Hadvig 2020-10-02 15:24:37 UTC 
In the middle of backport process.
Comment 14 Stephen Cuppett 2020-10-07 20:53:31 UTC 
Thank you for continuing to use Red Hat OpenShift.  As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it.  As such, we will be closing this bug.  If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.