[ovirt-users] Issue with vdsm on EL6 nodes

ybronhei ybronhei at redhat.com
Sun Apr 12 05:17:03 EDT 2015


On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:
>
>
> ----- Original Message -----
>> From: "knarra" <knarra at redhat.com>
>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Tuesday, April 7, 2015 3:39:58 PM
>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
>>
>> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:
>>>
>>> ----- Original Message -----
>>>> From: "knarra" <knarra at redhat.com>
>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>> Cc: users at ovirt.org
>>>> Sent: Tuesday, April 7, 2015 3:25:07 PM
>>>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
>>>>
>>>> On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "knarra" <knarra at redhat.com>
>>>>>> To: users at ovirt.org
>>>>>> Sent: Tuesday, April 7, 2015 3:15:12 PM
>>>>>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes
>>>>>>
>>>>> <snip>
>>>>>
>>>>>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
>>>>>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
>>>>>>
>>>>>> Can someone help me to resolve this issue.
>>>>> your openssl is patched to disable sslv3, and engine is trying to
>>>>> communicate using sslv3.
>>>>>
>>>>> please upgrade engine to latest z-stream, it should be resolved.
>>>> Hi Alon,
>>>>
>>>>        I checked the following value in my database and my engine is using
>>>> TLSv1 and not sslv3 to communicate. I am on 3.6 master branch.
>>>>
>>>> engine=# select option_name,option_value from vdc_options where
>>>> option_name = 'VdsmSSLProtocol';
>>>>       option_name   | option_value
>>>> -----------------+--------------
>>>>     VdsmSSLProtocol | TLSv1
>>>> (1 row)
>>> hmmm.... and you say you get this when you use vdsClient, so maybe it tries
>>> to connect using sslv3.
>>>
>>> is engine working properly?
>> yes, engine works fine, i have few other nodes where i have the same
>> vdsm version added to same engine and i do not hit this issue there. I
>> am just wondering how is this happening.
>>
>
> compare openssl version.
>
> yaniv, please fix the vdsClient to use TLSv1
>
should it use v1 always (forcefully)? we can do that, but currently it 
chooses the highest version both parties are able to use


-- 
Yaniv Bronhaim.
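
Added example (not part of the original thread and not vdsm or vdsClient code): an in-memory reproduction of the "tlsv1 alert protocol version" failure discussed above, using Python's `ssl` module with two endpoints whose allowed protocol ranges do not overlap. Assumptions: TLS 1.2 and TLS 1.3 stand in for SSLv3 and TLSv1, since current Python/OpenSSL builds no longer offer SSLv3; the function names are hypothetical, and the constructed server has no certificate because version negotiation fails before one is needed.

```python
import ssl

def handshake_errors(client_range, server_range, rounds=4):
    """Run a TLS handshake over memory buffers; return (client_reason, server_reason)."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False      # constructed setup: no certificate involved
    client_ctx.verify_mode = ssl.CERT_NONE
    client_ctx.minimum_version, client_ctx.maximum_version = client_range

    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.minimum_version, server_ctx.maximum_version = server_range

    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    peers = {
        "client": (client_ctx.wrap_bio(c_in, c_out, server_side=False), c_out, s_in),
        "server": (server_ctx.wrap_bio(s_in, s_out, server_side=True), s_out, c_in),
    }
    reasons = {"client": None, "server": None}
    finished = set()
    for _ in range(rounds):
        for name, (tls, outgoing, peer_incoming) in peers.items():
            if name in finished:
                continue
            try:
                tls.do_handshake()
                finished.add(name)
            except ssl.SSLWantReadError:
                pass                       # waiting for bytes from the peer
            except ssl.SSLError as exc:
                reasons[name] = exc.reason # OpenSSL's reason code for the failure
                finished.add(name)
            # Deliver whatever this side produced (hello or alert) to the other side.
            peer_incoming.write(outgoing.read())
    return reasons["client"], reasons["server"]

def reproduce_alert():
    """Constructed mismatch: client capped at TLS 1.2, server requires TLS 1.3."""
    old_only = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_2)
    new_only = (ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_3)
    return handshake_errors(old_only, new_only)

if __name__ == "__main__":
    client_reason, server_reason = reproduce_alert()
    print("client saw:", client_reason)
    print("server saw:", server_reason)
```

The client-side reason is the alert the peer sent, so when this error appears the protocol range to inspect is the one configured on the remote end and in its OpenSSL build, compared against what the client offers.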

