subject:"\[jira\] \[Commented\] \(CLOUDSTACK\-10319\) Prefer TLSv1.2 and deprecate TLS 1.0\/1.1"

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414996#comment-16414996
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376393285
 
 
   Trillian test result (tid-2412)
   Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 151811 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2507-t2412-vmware-55u3.zip
   Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers.py
   Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py
   Intermitten failure detected: /marvin/tests/smoke/test_templates.py
   Intermitten failure detected: /marvin/tests/smoke/test_usage.py
   Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py
   Smoke tests completed. 63 look OK, 4 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 
2119.12 | test_routers_network_ops.py
   test_04_restart_network_wo_cleanup | `Failure` | 4.38 | test_routers.py
   ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | 
test_service_offerings.py
   test_04_rvpc_network_garbage_collector_nics | `Failure` | 664.10 | 
test_vpc_redundant.py
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413615#comment-16413615
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376100098
 
 
   Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1828


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413584#comment-16413584
 ] 

ASF subversion and git services commented on CLOUDSTACK-10319:
--

Commit 9222da2d625e4d85889c7d8bc1c5f0caea448129 in cloudstack's branch 
refs/heads/master from [~rohit.ya...@shapeblue.com]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=9222da2 ]

[Merge 4.11] CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507)

Signed-off-by: Rohit Yadav 


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413583#comment-16413583
 ] 

ASF subversion and git services commented on CLOUDSTACK-10319:
--

Commit c4cc679c3b34a5f38cc17a01a96e9d69aa370641 in cloudstack's branch 
refs/heads/master from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=c4cc679 ]

CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507)

This reverts changes from #2480, instead moves TLS settings to
java ciphers settings config file. It should be sufficient to enforce
TLS v1.2 on public facing CloudStack services:
- CloudStack webserver (Jetty based)
- Apache2 for secondary storage VM
- CPVM HTTPs server

Signed-off-by: Rohit Yadav 

> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413581#comment-16413581
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376091570
 
 
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413578#comment-16413578
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376091371
 
 
   Checked test results, test LGTM (the failures are all env issues). I'll 
merge this to unblock other PRs who are failing testing on older 
xenserver/vmware based environments.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413579#comment-16413579
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd closed pull request #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/client/conf/java.security.ciphers.in 
b/client/conf/java.security.ciphers.in
index 986abf61e71..27e2d690ee6 100644
--- a/client/conf/java.security.ciphers.in
+++ b/client/conf/java.security.ciphers.in
@@ -15,4 +15,4 @@
  # specific language governing permissions and limitations
  # under the License.
 
-jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 
128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
+jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize < 
128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 
128, RC4
diff --git 
a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java 
b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
index 9fbdb4aa553..8016f5a1916 100644
--- a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -34,7 +34,7 @@
 public static String[] getSupportedProtocols(String[] protocols) {
 Set set = new HashSet();
 for (String s : protocols) {
-if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") 
|| s.equals("SSLv2Hello")) {
+if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
 continue;
 }
 set.add(s);
@@ -46,7 +46,7 @@
  * It returns recommended protocols that are considered secure.
  */
 public static String[] getRecommendedProtocols() {
-return new String[] { "TLSv1.2" };
+return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
 }
 
 /**
diff --git a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java 
b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
index 6c66dcd1bd0..625b538d7f2 100644
--- a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
@@ -69,9 +69,9 @@ public void getSupportedProtocolsTest() {
 }
 
 private void verifyProtocols(ArrayList protocolsList) {
+Assert.assertTrue(protocolsList.contains("TLSv1"));
+Assert.assertTrue(protocolsList.contains("TLSv1.1"));
 Assert.assertTrue(protocolsList.contains("TLSv1.2"));
-Assert.assertFalse(protocolsList.contains("TLSv1"));
-Assert.assertFalse(protocolsList.contains("TLSv1.1"));
 Assert.assertFalse(protocolsList.contains("SSLv3"));
 Assert.assertFalse(protocolsList.contains("SSLv2Hello"));
 }


 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413580#comment-16413580
 ] 

ASF subversion and git services commented on CLOUDSTACK-10319:
--

Commit c4cc679c3b34a5f38cc17a01a96e9d69aa370641 in cloudstack's branch 
refs/heads/4.11 from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=c4cc679 ]

CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507)

This reverts changes from #2480, instead moves TLS settings to
java ciphers settings config file. It should be sufficient to enforce
TLS v1.2 on public facing CloudStack services:
- CloudStack webserver (Jetty based)
- Apache2 for secondary storage VM
- CPVM HTTPs server

Signed-off-by: Rohit Yadav 

> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413577#comment-16413577
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376090147
 
 
   Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1827


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413572#comment-16413572
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376090147
 
 
   Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1827


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413549#comment-16413549
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376082971
 
 
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413461#comment-16413461
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376065281
 
 
   @blueorangutan test centos7 vmware-55u3
   
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413457#comment-16413457
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957838
 
 
   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been 
kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413456#comment-16413456
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957793
 
 
   @blueorangutan test centos7 vmware-55u3


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-26 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413458#comment-16413458
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376065281
 
 
   @blueorangutan test centos7 vmware-55u3
   
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-25 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412962#comment-16412962
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957838
 
 
   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been 
kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-25 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412961#comment-16412961
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957793
 
 
   @blueorangutan test centos7 vmware-55u3


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-24 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412884#comment-16412884
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375945194
 
 
   Trillian test result (tid-2409)
   Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 149712 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2507-t2409-vmware-55u3.zip
   Intermitten failure detected: 
/marvin/tests/smoke/test_deploy_vm_root_resize.py
   Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers.py
   Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py
   Intermitten failure detected: /marvin/tests/smoke/test_templates.py
   Intermitten failure detected: /marvin/tests/smoke/test_usage.py
   Intermitten failure detected: /marvin/tests/smoke/test_volumes.py
   Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py
   Smoke tests completed. 60 look OK, 7 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 
2109.73 | test_routers_network_ops.py
   test_04_restart_network_wo_cleanup | `Failure` | 4.11 | test_routers.py
   ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | 
test_service_offerings.py
   test_04_extract_template | `Failure` | 164.99 | test_templates.py
   ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py
   test_06_download_detached_volume | `Failure` | 211.48 | test_volumes.py
   test_04_rvpc_network_garbage_collector_nics | `Failure` | 680.51 | 
test_vpc_redundant.py
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411180#comment-16411180
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375618571
 
 
   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been 
kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411178#comment-16411178
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375618329
 
 
   @blueorangutan test centos7 vmware-55u3


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411100#comment-16411100
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375597210
 
 
   Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1819


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411056#comment-16411056
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375589643
 
 
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411055#comment-16411055
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd opened a new pull request #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for 
XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507
 
 
   ## Description
   
   This reverts changes from #2480, instead moves TLS settings to
   java ciphers settings config file. It should be sufficient to enforce
   TLS v1.2 on public facing CloudStack services:
   - CloudStack webserver (Jetty based)
   - Apache2 for secondary storage VM
   - CPVM HTTPs server
   
   
   
   
   ## Types of changes
   
   - [ ] Breaking change (fix or feature that would cause existing 
functionality to change)
   - [ ] New feature (non-breaking change which adds functionality)
   - [ ] Bug fix (non-breaking change which fixes an issue)
   - [ ] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ## Checklist:
   
   
   - [ ] I have read the 
[CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md)
 document.
   - [ ] My code follows the code style of this project.
   - [ ] All new and existing tests passed.
   
   
   @blueorangutan package
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-23 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411034#comment-16411034
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-375585194
 
 
   @rafaelweingartner @PaulAngus and others this seems to break older 
xenservers and vmware 5.x vcenters which expects to connect via TLS 1.0. I 
think instead to do this system-wide we may only fix it for public facing 
services such as - (a) apache2 in systemvms, (b) console proxy server, (c) 
management server. I'll partially revert this.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-14 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16398408#comment-16398408
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rafaelweingartner commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372987591
 
 
   Ok, thanks.
   I had a problem with these changes and XenServer 6.5. XS 6.5 is using TLSV1.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-14 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16398336#comment-16398336
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372960693
 
 
   @rafaelweingartner no, let me kick one explicitly on latest 4.11 via #2376


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-13 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16397680#comment-16397680
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rafaelweingartner commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372824276
 
 
   @rhtyd have you tested this one against XenServer 6.5?


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-12 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395068#comment-16395068
 ] 

ASF subversion and git services commented on CLOUDSTACK-10319:
--

Commit da8cf8c3703178b0570ae34b5f5338dd704b8c73 in cloudstack's branch 
refs/heads/master from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=da8cf8c ]

CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 (#2480)

This deprecates and remove TLS 1.0 and 1.1 from preferred list of
protocols and keeps only TLSv1.2.

Signed-off-by: Rohit Yadav 

> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-12 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395065#comment-16395065
 ] 

ASF subversion and git services commented on CLOUDSTACK-10319:
--

Commit da8cf8c3703178b0570ae34b5f5338dd704b8c73 in cloudstack's branch 
refs/heads/4.11 from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=da8cf8c ]

CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 (#2480)

This deprecates and remove TLS 1.0 and 1.1 from preferred list of
protocols and keeps only TLSv1.2.

Signed-off-by: Rohit Yadav 

> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-12 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395064#comment-16395064
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd closed pull request #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git 
a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
 
b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
index 5c0d6ce6047..0b0b0839e70 100644
--- 
a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
+++ 
b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
@@ -61,7 +61,7 @@
 private static Integer port;
 private static String username;
 private static String password;
-private static String secureProtocol = "TLSv1";
+private static String secureProtocol = "TLSv1.2";
 
 public synchronized static void setVirtualHost(String virtualHost) {
 RabbitMQEventBus.virtualHost = virtualHost;
@@ -623,4 +623,4 @@ public void handleDelivery(String queueName, Envelope 
envelope, AMQP.BasicProper
 return;
 }
 }
-}
\ No newline at end of file
+}
diff --git a/systemvm/debian/etc/apache2/vhost.template 
b/systemvm/debian/etc/apache2/vhost.template
index caded8c2ad4..688239cd8c0 100644
--- a/systemvm/debian/etc/apache2/vhost.template
+++ b/systemvm/debian/etc/apache2/vhost.template
@@ -89,7 +89,7 @@
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
-   SSLProtocol all -SSLv2 -SSLv3
+   SSLProtocol TLSv1.2
SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
 
diff --git 
a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh 
b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
index 6e2e3059a53..3544806b1f9 100644
--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -28,7 +28,7 @@ function configure_apache2() {
# Backup stock apache configuration since we may modify it in Secondary 
Storage VM
cp /etc/apache2/sites-available/000-default.conf 
/etc/apache2/sites-available/default.orig
cp /etc/apache2/sites-available/default-ssl.conf 
/etc/apache2/sites-available/default-ssl.orig
-   sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' 
/etc/apache2/mods-available/ssl.conf
+   sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' 
/etc/apache2/mods-available/ssl.conf
 }
 
 function install_cloud_scripts() {
diff --git 
a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java 
b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
index 8016f5a1916..9fbdb4aa553 100644
--- a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -34,7 +34,7 @@
 public static String[] getSupportedProtocols(String[] protocols) {
 Set set = new HashSet();
 for (String s : protocols) {
-if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
+if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") 
|| s.equals("SSLv2Hello")) {
 continue;
 }
 set.add(s);
@@ -46,7 +46,7 @@
  * It returns recommended protocols that are considered secure.
  */
 public static String[] getRecommendedProtocols() {
-return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+return new String[] { "TLSv1.2" };
 }
 
 /**
diff --git a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java 
b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
index 625b538d7f2..6c66dcd1bd0 100644
--- a/

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-12 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395063#comment-16395063
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372265783
 
 
   Merging this PR based on test results and code reviews, thanks.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-12 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395062#comment-16395062
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372265703
 
 
   Test LGTM, no failures seen. The only affected public facing services are 
browser related - (1) apache2 on systemvms and (2) jetty powered mgmt server. 
Given the UI does not support IE, we've been testing against modern browsers 
such as Chrome and Firefox only, acceptance of the PR should not cause new 
failures for users. If admins want to enable TLS support (1.0+1.1) for browsers 
for the UI, they may configure the java.security.ciphers file or explicitly set 
the `jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3` option to allow both TLSv1, 
v1.1. With Java8, TLS1.2 is enabled by default.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-09 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392920#comment-16392920
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

wido commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371823375
 
 
   LGTM based on the code


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392519#comment-16392519
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371732713
 
 
   Trillian test result (tid-2345)
   Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 39111 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2345-vmware-65.zip
   Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py
   Intermitten failure detected: /marvin/tests/smoke/test_templates.py
   Intermitten failure detected: /marvin/tests/smoke/test_usage.py
   Intermitten failure detected: /marvin/tests/smoke/test_volumes.py
   Smoke tests completed. 64 look OK, 3 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_04_extract_template | `Failure` | 142.88 | test_templates.py
   ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py
   test_06_download_detached_volume | `Failure` | 186.11 | test_volumes.py
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391849#comment-16391849
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371605523
 
 
   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-65) has been 
kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391847#comment-16391847
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371605409
 
 
   @blueorangutan test centos7 vmware-65


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391809#comment-16391809
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371598747
 
 
   Trillian test result (tid-2341)
   Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 6
   Total time taken: 22708 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2341-xenserver-71.zip
   Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_iso.py
   Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py
   Smoke tests completed. 66 look OK, 1 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_01_scale_vm | `Error` | 9.43 | test_scale_vm.py
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391779#comment-16391779
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371596013
 
 
   Trillian test result (tid-2342)
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 22351 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2342-kvm-centos7.zip
   Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py
   Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py
   Smoke tests completed. 66 look OK, 1 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_hostha_enable_ha_when_host_in_maintenance | `Error` | 3.74 | 
test_hostha_kvm.py
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391712#comment-16391712
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371582209
 
 
   Trillian test result (tid-2343)
   Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 19726 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2343-vmware-65.zip
   Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py
   Intermitten failure detected: /marvin/tests/smoke/test_reset_vm_on_reboot.py
   Intermitten failure detected: /marvin/tests/smoke/test_router_dhcphosts.py
   Intermitten failure detected: /marvin/tests/smoke/test_router_dns.py
   Intermitten failure detected: /marvin/tests/smoke/test_router_dnsservice.py
   Intermitten failure detected: 
/marvin/tests/smoke/test_routers_iptables_default_policy.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py
   Intermitten failure detected: /marvin/tests/smoke/test_routers.py
   Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py
   Intermitten failure detected: /marvin/tests/smoke/test_secondary_storage.py
   Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py
   Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py
   Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py
   Intermitten failure detected: /marvin/tests/smoke/test_templates.py
   Intermitten failure detected: /marvin/tests/smoke/test_usage.py
   Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py
   Intermitten failure detected: /marvin/tests/smoke/test_vm_snapshots.py
   Intermitten failure detected: /marvin/tests/smoke/test_volumes.py
   Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py
   Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py
   Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py
   Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py
   Smoke tests completed. 46 look OK, 21 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   ContextSuite context=TestResetVmOnReboot>:setup | `Error` | 0.00 | 
test_reset_vm_on_reboot.py
   ContextSuite context=TestRouterDHCPHosts>:setup | `Error` | 0.00 | 
test_router_dhcphosts.py
   ContextSuite context=TestRouterDHCPOpts>:setup | `Error` | 0.00 | 
test_router_dhcphosts.py
   ContextSuite context=TestRouterDns>:setup | `Error` | 0.00 | 
test_router_dns.py
   ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | 
test_router_dnsservice.py
   ContextSuite context=TestRouterIpTablesPolicies>:setup | `Error` | 0.00 | 
test_routers_iptables_default_policy.py
   ContextSuite context=TestVPCIpTablesPolicies>:setup | `Error` | 0.00 | 
test_routers_iptables_default_policy.py
   test_01_isolate_network_FW_PF_default_routes_egress_true | `Error` | 0.21 | 
test_routers_network_ops.py
   test_02_isolate_network_FW_PF_default_routes_egress_false | `Error` | 0.22 | 
test_routers_network_ops.py
   ContextSuite context=TestRedundantIsolateNetworks>:setup | `Error` | 1.41 | 
test_routers_network_ops.py
   ContextSuite context=TestRouterServices>:setup | `Error` | 0.00 | 
test_routers.py
   ContextSuite context=TestScaleVm>:setup | `Error` | 0.00 | test_scale_vm.py
   test_01_sys_vm_start | `Failure` | 0.24 | test_secondary_storage.py
   test_02_sys_template_ready | `Failure` | 0.23 | test_secondary_storage.py
   ContextSuite context=TestServiceOfferings>:setup | `Error` | 0.19 | 
test_service_offerings.py
   ContextSuite context=TestSnapshotRootDisk>:setup | `Error` | 0.00 | 
test_snapshots.py
   test_01_list_sec_storage_vm | `Failure` | 0.04 | test_ssvm.py
   test_02_list_cpvm_vm | `Failure` | 0.04 | test_ssvm.py
   test_03_ssvm_internals | `Failure` | 0.04 | test_ssvm.py
   test_04_cpvm_internals | `Failure` | 0.04 | test_ssvm.py
   test_05_stop_ssvm | `Failure` | 0.04 | test_ssvm.py
   test_06_stop_cpvm | `Failure` | 0.04 | test_ssvm.py
   test_07_reboot_ssvm | `Failure` | 0.07 | test_ssvm.py
   test_08_reboot_cpvm | `Failure` | 0.04 | test_ssvm.py
   test_09_destroy_ssvm | `Failure` | 0.04 | test_ssvm.py
   test_10_destroy_cpvm | `Failure` | 0.04 | test_ssvm.py
   test_02_create_template_with_checksum_sha1 | `Error` | 65.46 | 
test_templates.py
   test_03_create_template_with_checksum_sha256 | `Error` | 65.58 | 
test_templates.py
   test_04_create_template_with_checksum_md5 | `Error` | 65.50 | 
test_templates.py
   test_05_create_template_with_no_checksum | `Error` | 65.55 | 
test_templates.py
   ContextSuite context=

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391193#comment-16391193
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371476050
 
 
   @rhtyd a Trillian-Jenkins matrix job (centos6 mgmt + xs71, centos7 mgmt + 
vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391191#comment-16391191
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate 
TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371475811
 
 
   @blueorangutan test matrix 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391170#comment-16391170
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371472343
 
 
   Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1765


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391129#comment-16391129
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371464336
 
 
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1

2018-03-08 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391126#comment-16391126
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
-

rhtyd opened a new pull request #2480: CLOUDSTACK-10319: Prefer TLSv1.2, 
deprecate TLSv1.0,1.1
URL: https://github.com/apache/cloudstack/pull/2480
 
 
   This deprecates and remove TLS 1.0 and 1.1 from preferred list of
   protocols and keeps only TLSv1.2.
   
   @blueorangutan package


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> 
>
> Key: CLOUDSTACK-10319
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make 
> cloudstack prefer tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

44 matches

Mail list logo