3:53 a.m.
Piotr Kliczewski has uploaded a new change for review.
Change subject: ssl: change default protocol
......................................................................
ssl: change default protocol
We used 'sslv23' but when Paddle (CVE-2014-3566) was found it
is recommended to switch to 'tlsv1'. On some of the OSes we
see issues that it is already sslv3 is disabled and users need
to switch to tls.
There is an issue when we switch to tls older engines (<= 3.0)
are not able to talk to vdsm anymore.
Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url: https://bugzilla.redhat.com/1229765
Reviewed-on: https://gerrit.ovirt.org/43457
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/config.py.in
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/32/47832/1
diff --git a/lib/vdsm/config.py.in b/lib/vdsm/config.py.in
index 9b2d99b..490669b 100644
--- a/lib/vdsm/config.py.in
+++ b/lib/vdsm/config.py.in
@@ -202,7 +202,7 @@
('transient_disks_repository', '@VDSMLIBDIR@/transient',
'Local path to the transient disks repository.'),
- ('ssl_protocol', 'sslv23',
+ ('ssl_protocol', 'tlsv1',
'SSL protocol used by encrypted connection'),
('connection_stats_timeout', '3600',
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
3:54 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1:
* Update tracker::#1229765::OK
* Check Bug-Url::OK
* Check Public Bug::#1229765::OK, public bug
* Check Product::#1229765::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.5 ovirt-3.4 ovirt-3.3 ovirt-3.2)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.5',
'ovirt-3.4', 'ovirt-3.3'])
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
3:54 a.m.
Piotr Kliczewski has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1: Verified+1
Verified on master.
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
4:05 a.m.
Piotr Kliczewski has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1:
Build failure not related
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
4:25 a.m.
Francesco Romani has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1: Code-Review+1
looks ok to me, but let's have more reviews.
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
4:43 a.m.
Yeela Kaplan has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1: Code-Review+1
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
6:49 a.m.
Yaniv Bronhaim has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 1: Code-Review+2
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
6:49 a.m.
Yaniv Bronhaim has submitted this change and it was merged.
Change subject: ssl: change default protocol
......................................................................
ssl: change default protocol
We used 'sslv23' but when Paddle (CVE-2014-3566) was found it
is recommended to switch to 'tlsv1'. On some of the OSes we
see issues that it is already sslv3 is disabled and users need
to switch to tls.
There is an issue when we switch to tls older engines (<= 3.0)
are not able to talk to vdsm anymore.
Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url: https://bugzilla.redhat.com/1229765
Reviewed-on: https://gerrit.ovirt.org/43457
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
Reviewed-on: https://gerrit.ovirt.org/47832
Reviewed-by: Francesco Romani <fromani(a)redhat.com>
Reviewed-by: Yeela Kaplan <ykaplan(a)redhat.com>
---
M lib/vdsm/config.py.in
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Piotr Kliczewski: Verified
Yeela Kaplan: Looks good to me, but someone else must approve
Yaniv Bronhaim: Looks good to me, approved
Jenkins CI: Passed CI tests
Francesco Romani: Looks good to me, but someone else must approve
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
6:49 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: change default protocol
......................................................................
Patch Set 2:
* Update tracker::#1229765::OK
* Set MODIFIED::bug 1229765::::#1229765::::IGNORE, not oVirt prod but vdsm
--
To view, visit https://gerrit.ovirt.org/47832
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40267cb07b19d444c7d85aba6d1160c27e8fe3a6
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
3158
days inactive
3163
days old
vdsm-patches@lists.fedorahosted.org
8 comments
5 participants
participants (5)
-
automation@ovirt.org -
fromani@redhat.com -
Piotr Kliczewski -
ybronhei@redhat.com -
ykaplan@redhat.com