Piotr Kliczewski has uploaded a new change for review.
Change subject: ssl: change default protocol
......................................................................
ssl: change default protocol
We used 'sslv23' but when Paddle (CVE-2014-3566) was found it
is recommended to switch to 'tlsv1'. On some of the OSes we
see issues that it is already sslv3 is disabled and users need
to switch to tls.
There is an issue when we switch to tls older engines (<= 3.0)
are not able to talk to vdsm anymore.
Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url:
https://bugzilla.redhat.com/1229765
Reviewed-on:
https://gerrit.ovirt.org/43457
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/config.py.in
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/32/47832/1
diff --git a/lib/vdsm/config.py.in b/lib/vdsm/config.py.in
index 9b2d99b..490669b 100644
--- a/lib/vdsm/config.py.in
+++ b/lib/vdsm/config.py.in
@@ -202,7 +202,7 @@
('transient_disks_repository', '@VDSMLIBDIR@/transient',
'Local path to the transient disks repository.'),
- ('ssl_protocol', 'sslv23',
+ ('ssl_protocol', 'tlsv1',
'SSL protocol used by encrypted connection'),
('connection_stats_timeout', '3600',
--
To view, visit
https://gerrit.ovirt.org/47832
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>