[ovirt-users] Issue with vdsm on EL6 nodes

Alon Bar-Lev alonbl at redhat.com
Tue Apr 7 09:45:36 EDT 2015



----- Original Message -----
> From: "knarra" <knarra at redhat.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Tuesday, April 7, 2015 3:39:58 PM
> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> 
> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "knarra" <knarra at redhat.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Tuesday, April 7, 2015 3:25:07 PM
> >> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >>
> >> On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:
> >>> ----- Original Message -----
> >>>> From: "knarra" <knarra at redhat.com>
> >>>> To: users at ovirt.org
> >>>> Sent: Tuesday, April 7, 2015 3:15:12 PM
> >>>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes
> >>>>
> >>> <snip>
> >>>
> >>>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
> >>>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> >>>>
> >>>> Can some one help me to resolve this issue.
> >>> your openssl is patched to disable ssv3, and engine is trying to
> >>> communicate using sslv3.
> >>>
> >>> please upgrade engine to latest z-stream, it should be resolved.
> >> Hi Alon,
> >>
> >>       I checked the following value in my database and my engine is using
> >> TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.
> >>
> >> engine=# select option_name,option_value from vdc_options where
> >> option_name = 'VdsmSSLProtocol';
> >>      option_name   | option_value
> >> -----------------+--------------
> >>    VdsmSSLProtocol | TLSv1
> >> (1 row)
> > hmmm.... and you say you get this when you use vdsClient, so maybe it tries
> > to connect using sslv3.
> >
> > is engine working proberly?
> yes, engine works fine, i have few other nodes where i have the same
> vdsm version added to same engine and i do not hit this issue there. I
> am just wondering how is this happening.
> 

compare openssl version.

yaniv, please fix the vdsClient to use TLSv1


More information about the Users mailing list