[ovirt-devel] Re: noVNC not working when FIPS is enabled

On 8. 9. 2021, at 20:48, Milan Zamazal <mzamazal(a)redhat.com&gt; wrote: Hi, we had to disable VNC OST test some time ago because it started failing. I looked at why it fails and the reason provided by ovirt-websocket-proxy is do_vencrypt_handshake:187 Server supports the following subtypes: 263

Server does not support X509VNC. OvirtProxy only supports X509VNC This happens only when FIPS is enabled and is reproducible outside OST. The only thing that seems to have influence on whether it works or not is the value of `fips' kernel command line parameter -- when it's changed to fips=0 then noVNC console works without any other changes. So it looks like some change in QEMU. I'm not an expert in this area and don't know what those protocols are about, why the proxy supports only X509VNC and why the mismatch in expectations on both the ends happens when FIPS is enabled. Can anybody help clarify it and provide an idea how to resolve the problem? Thanks, Milan _______________________________________________ Devel mailing list -- devel(a)ovirt.org To unsubscribe send an email to devel-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/S6MCLJV2QMQ...