Bug 1942592 - ECDHE ciphers missing in rh-nodejs12 [rhscl-3.6.z]
Summary: ECDHE ciphers missing in rh-nodejs12 [rhscl-3.6.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: nodejs
Version: rh-nodejs12
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: alpha
: 3.7
Assignee: Jan Staněk
QA Contact: Jan Houska
URL:
Whiteboard:
Depends On: 1910749
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-24 15:18 UTC by RHEL Program Management Team
Modified: 2021-07-28 08:33 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: During refactoring, a part of a patch was missed which was necessary to properly setup ECDHE negotiation with OpenSSL 1.0.*. Consequence: No ECDHE ciphers (i.e. ECDHE-RSA-AES128-GCM-SHA256) could be negotiated with the server. Fix: Missing parts of ECDHE setup were reinstated. Result: ECDHE ciphers can be negotiated.
Clone Of: 1910749
Environment:
Last Closed: 2021-07-28 08:33:07 UTC
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)

Comment 1 Jan Staněk 2021-03-25 13:28:54 UTC 
Fix imported to dist-git: http://pkgs.devel.redhat.com/cgit/rpms/nodejs/commit/?h=rhscl-3.6-rh-nodejs12-rhel-7&id=14697ab6e49f9e8c1289f502f7972ffbd5fc521d
Comment 2 Jan Staněk 2021-07-08 12:33:05 UTC 
The release with fix will be delivered in the rhscl-3.7.z stream; we did not manage to release one in rhscl-3.6.z. Closing as nextrelease.
Comment 3 Jan Staněk 2021-07-13 15:30:45 UTC 
Re-opening as tracking bug for the rhscl-3.7.z.
Comment 7 Jan Houska 2021-07-22 16:01:29 UTC 
VERIFIED:


NEW PASS:
version:
rh-nodejs12-nodejs-12.22.2-1.el7.ppc64le


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 07:46:19 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 07:46:19 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 07:46:19 ] :: [   LOG    ] :: Reporoducer is running on PID=25963
:: [ 07:46:20 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 07:46:20 ] :: [   PASS   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 0)
:: [ 07:46:20 ] :: [  BEGIN   ] :: Running 'kill 25963'
/usr/share/beakerlib/testing.sh: line 756: 25963 Terminated              node server.js &>server.log
:: [ 07:46:20 ] :: [   PASS   ] :: Command 'kill 25963' (Expected 0, got 0)
:: [ 07:46:20 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 07:46:20 ] :: [   PASS   ] :: File 'curl.log' should contain 'OK' 
:: [ 07:46:20 ] :: [   PASS   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100     2  100     2    0     0      8      0 --:--:-- --:--:-- --:--:--     8
OK--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 6 good, 0 bad
::   RESULT: PASS


OLD FAIL
version:
rh-nodejs12-nodejs-12.21.0-1.el7.::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:55:25 ] :: [  BEGIN   ] :: Running reproducer :: actually running 'node server.js &> server.log &'
:: [ 11:55:25 ] :: [   PASS   ] :: Running reproducer (Expected 0, got 0)
:: [ 11:55:25 ] :: [   LOG    ] :: Reporoducer is running on PID=9077
:: [ 11:55:26 ] :: [  BEGIN   ] :: Running 'curl -k https://localhost:8433 &> curl.log'
:: [ 11:55:27 ] :: [   FAIL   ] :: Command 'curl -k https://localhost:8433 &> curl.log' (Expected 0, got 35)
:: [ 11:55:27 ] :: [  BEGIN   ] :: Running 'kill 9077'
/usr/share/beakerlib/testing.sh: řádek 756:  9077 Ukončen (SIGTERM)      node server.js &>server.log
:: [ 11:55:27 ] :: [   PASS   ] :: Command 'kill 9077' (Expected 0, got 0)
:: [ 11:55:27 ] :: [   PASS   ] :: File 'server.log' should contain 'listening on 8433' 
--------server.log:------
listening on 8433
--------\server.log------
:: [ 11:55:27 ] :: [   FAIL   ] :: File 'curl.log' should contain 'OK' 
:: [ 11:55:27 ] :: [   FAIL   ] :: File 'curl.log' should not contain 'curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).' 
--------curl.log:------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
--------\curl.log------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 2s
::   Assertions: 3 good, 3 bad
::   RESULT: FAIL (Test)
x86_64
Comment 11 errata-xmlrpc 2021-07-28 08:33:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2931
Note You need to log in before you can comment on or make changes to this bug.