[ovirt-users] Issue with vdsm on EL6 nodes

Alon Bar-Lev alonbl at redhat.com
Sun Apr 12 05:24:01 EDT 2015



----- Original Message -----
> From: "ybronhei" <ybronhei at redhat.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "knarra" <knarra at redhat.com>, users at ovirt.org, "Dima Kuznetsov" <dkuznets at redhat.com>
> Sent: Sunday, April 12, 2015 12:17:03 PM
> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> 
> On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:
> >
> >
> > ----- Original Message -----
> >> From: "knarra" <knarra at redhat.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Tuesday, April 7, 2015 3:39:58 PM
> >> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >>
> >> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:
> >>>
> >>> ----- Original Message -----
> >>>> From: "knarra" <knarra at redhat.com>
> >>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>> Cc: users at ovirt.org
> >>>> Sent: Tuesday, April 7, 2015 3:25:07 PM
> >>>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >>>>
> >>>> On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:
> >>>>> ----- Original Message -----
> >>>>>> From: "knarra" <knarra at redhat.com>
> >>>>>> To: users at ovirt.org
> >>>>>> Sent: Tuesday, April 7, 2015 3:15:12 PM
> >>>>>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes
> >>>>>>
> >>>>> <snip>
> >>>>>
> >>>>>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
> >>>>>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> >>>>>>
> >>>>>> Can some one help me to resolve this issue.
> >>>>> your openssl is patched to disable ssv3, and engine is trying to
> >>>>> communicate using sslv3.
> >>>>>
> >>>>> please upgrade engine to latest z-stream, it should be resolved.
> >>>> Hi Alon,
> >>>>
> >>>>        I checked the following value in my database and my engine is
> >>>>        using
> >>>> TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.
> >>>>
> >>>> engine=# select option_name,option_value from vdc_options where
> >>>> option_name = 'VdsmSSLProtocol';
> >>>>       option_name   | option_value
> >>>> -----------------+--------------
> >>>>     VdsmSSLProtocol | TLSv1
> >>>> (1 row)
> >>> hmmm.... and you say you get this when you use vdsClient, so maybe it
> >>> tries
> >>> to connect using sslv3.
> >>>
> >>> is engine working proberly?
> >> yes, engine works fine, i have few other nodes where i have the same
> >> vdsm version added to same engine and i do not hit this issue there. I
> >> am just wondering how is this happening.
> >>
> >
> > compare openssl version.
> >
> > yaniv, please fix the vdsClient to use TLSv1
> >
> should it use v1 always (forcefully)? we can do that, but currently it
> chooses the highest version both parties are able to use

it looks like it uses SSLv3 per this report.


More information about the Users mailing list