Re: [ovirt-users] Issue with vdsm on EL6 nodes

From: "ybronhei" <ybronhei(a)redhat.com&gt; To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; Cc: "knarra" <knarra(a)redhat.com&gt;, users(a)ovirt.org, "Dima Kuznetsov" <dkuznets(a)redhat.com&gt; Sent: Sunday, April 12, 2015 12:17:03 PM Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes On 04/07/2015 04:45 PM, Alon Bar-Lev wrote: > > > ----- Original Message ----- >> From: "knarra" <knarra(a)redhat.com&gt; >> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >> Cc: users(a)ovirt.org >> Sent: Tuesday, April 7, 2015 3:39:58 PM >> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes >> >> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote: >>> >>> ----- Original Message ----- >>>> From: "knarra" <knarra(a)redhat.com&gt; >>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>> Cc: users(a)ovirt.org >>>> Sent: Tuesday, April 7, 2015 3:25:07 PM >>>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes >>>> >>>> On 04/07/2015 05:50 PM, Alon Bar-Lev wrote: >>>>> ----- Original Message ----- >>>>>> From: "knarra" <knarra(a)redhat.com&gt; >>>>>> To: users(a)ovirt.org >>>>>> Sent: Tuesday, April 7, 2015 3:15:12 PM >>>>>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes >>>>>> >>>>> <snip> >>>>> >>>>>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL >>>>>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version >>>>>> >>>>>> Can some one help me to resolve this issue. >>>>> your openssl is patched to disable ssv3, and engine is trying to >>>>> communicate using sslv3. >>>>> >>>>> please upgrade engine to latest z-stream, it should be resolved. >>>> Hi Alon, >>>> >>>> I checked the following value in my database and my engine is >>>> using >>>> TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch. >>>> >>>> engine=# select option_name,option_value from vdc_options where >>>> option_name = 'VdsmSSLProtocol'; >>>> option_name | option_value >>>> -----------------+-------------- >>>> VdsmSSLProtocol | TLSv1 >>>> (1 row) >>> hmmm.... and you say you get this when you use vdsClient, so maybe it >>> tries >>> to connect using sslv3. >>> >>> is engine working proberly? >> yes, engine works fine, i have few other nodes where i have the same >> vdsm version added to same engine and i do not hit this issue there. I >> am just wondering how is this happening. >> > > compare openssl version. > > yaniv, please fix the vdsClient to use TLSv1 > should it use v1 always (forcefully)? we can do that, but currently it chooses the highest version both parties are able to use