1751035 – Allow and Deny same Ciphers same time

Bug 1751035 - Allow and Deny same Ciphers same time

Summary: Allow and Deny same Ciphers same time

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	cockpit-389-ds
Sub Component:
Version:	11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	dirsrv-11.2
Assignee:	Simon Pichugin
QA Contact:	RHDS QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-09-11 04:54 UTC by Anuj Borah
Modified:	2020-11-04 10:53 UTC (History)
CC List:	6 users (show)
Fixed In Version:	389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-11-04 10:53:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Video1 (1.52 MB, video/webm) 2019-09-11 04:54 UTC, Anuj Borah	no flags	Details
Video2 (407.28 KB, video/webm) 2019-09-11 04:55 UTC, Anuj Borah	no flags	Details
SS (233.59 KB, image/png) 2020-04-17 10:29 UTC, Anuj Borah	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:4911	0	None	None	None	2020-11-04 10:53:24 UTC

Description Anuj Borah 2019-09-11 04:54:40 UTC

Created attachment 1613914 [details]
Video1

Description of problem:

Security > Cipher Preferences > Allow Specific Ciphers > TLS_AES_128_GCM_SHA256
Security > Cipher Preferences > Deny Specific Ciphers > TLS_AES_128_GCM_SHA256

It allows to allow and deny same Ciphers same time.

Version-Release number of selected component (if applicable):
389-ds-base-1.4.1.8-1.module+el8dsrv+4209+f45880df.x86_64

How reproducible:
Always


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Anuj Borah 2019-09-11 04:55:13 UTC

Created attachment 1613915 [details]
Video2

Comment 2 mreynolds 2019-11-08 22:06:04 UTC

https://pagure.io/389-ds-base/issue/50696

Comment 5 Anuj Borah 2020-04-17 10:24:12 UTC

I can still see the same condition :

[root@ci-vm-10-0-136-19 install]# rpm -qea | grep 389
cockpit-389-ds-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch
python3-lib389-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch
389-ds-base-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64
389-ds-base-libs-1.4.2.12-1.module+el8dsrv+6328+f04d7471.x86_64

Comment 6 Anuj Borah 2020-04-17 10:29:29 UTC

Created attachment 1679626 [details]
SS

Comment 7 mreynolds 2020-04-17 11:37:54 UTC

Well this is an odd one.  This is how NSS behaves.  This is NOT a bug in UI, once you set a specific cipher then the enabled list that comes from NSS disappears.  Might be intentional, might be a bug in NSS or in DS, but it's not the UI.  I'll verify this and change the bug component accordingly.

Comment 11 sgouvern 2020-09-18 09:57:47 UTC

With build 
389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682.x86_64
cockpit-389-ds-1.4.3.11-1.module+el8dsrv+7557+bc264682.noarch

The selected 'allow specific ciphers' are no more available in the 'Deny specific ciphers' list, and vice versa.
That way it is now not possible to allow and deny the same ciphers at the same time.

marking as VERIFIED

Comment 13 errata-xmlrpc 2020-11-04 10:53:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Directory Server bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4911

Note You need to log in before you can comment on or make changes to this bug.