Interesting...it seems like we should be able to do something on the MS side, too, to detect such a hung thread, kill it, and create a new one.
On Tue, Jan 27, 2015 at 10:56 PM, Marcus <shadow...@gmail.com> wrote: > Indeed. I thought so, but I tried installing it and didn't get it to > work. I guess I didn't try right because I eventually got it going. > > There's been a fix committed to 4.3 for the SSL "poodle" attack, > however, the fix in its current version seems to require java 7 for > TLSv1.2, even if the binaries are compiled for java 6. > > So basically if we roll another 4.3 release including this poodle > patch we will also need to provide a new system vm template. It's > particularly nasty, as the system vm's agent connects to the mgmt > server, fails to negotiate TLSv1.2 due to missing support, and leaves > the mgmt server's agent thread hanging, waiting for timeout. it > effectively DDoS's the mgmt server into not allowing any hypervisors > to connect. > > On Tue, Jan 27, 2015 at 6:34 PM, Mike Tutkowski > <mike.tutkow...@solidfire.com> wrote: > > I think the 4.4 system VM templates use Java 7. > > > > On Tuesday, January 27, 2015, Marcus <shadow...@gmail.com> wrote: > > > >> Anyone know if there's a systemvm version shipping with java 7? Is 4.4 > >> systemvm supposed to have it (since the release notes say java 1.7)? > >> > > > > > > -- > > *Mike Tutkowski* > > *Senior CloudStack Developer, SolidFire Inc.* > > e: mike.tutkow...@solidfire.com > > o: 303.746.7302 > > Advancing the way the world uses the cloud > > <http://solidfire.com/solution/overview/?video=play>*™* > -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud <http://solidfire.com/solution/overview/?video=play>*™*
