[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414996#comment-16414996 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376393285 Trillian test result (tid-2412) Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 7 Total time taken: 151811 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2507-t2412-vmware-55u3.zip Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Smoke tests completed. 63 look OK, 4 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 2119.12 | test_routers_network_ops.py test_04_restart_network_wo_cleanup | `Failure` | 4.38 | test_routers.py ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | test_service_offerings.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 664.10 | test_vpc_redundant.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413615#comment-16413615 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376100098 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1828 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413584#comment-16413584 ] ASF subversion and git services commented on CLOUDSTACK-10319: -- Commit 9222da2d625e4d85889c7d8bc1c5f0caea448129 in cloudstack's branch refs/heads/master from [~rohit.ya...@shapeblue.com] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=9222da2 ] [Merge 4.11] CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507) Signed-off-by: Rohit Yadav > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413583#comment-16413583 ] ASF subversion and git services commented on CLOUDSTACK-10319: -- Commit c4cc679c3b34a5f38cc17a01a96e9d69aa370641 in cloudstack's branch refs/heads/master from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=c4cc679 ] CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507) This reverts changes from #2480, instead moves TLS settings to java ciphers settings config file. It should be sufficient to enforce TLS v1.2 on public facing CloudStack services: - CloudStack webserver (Jetty based) - Apache2 for secondary storage VM - CPVM HTTPs server Signed-off-by: Rohit Yadav > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413581#comment-16413581 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376091570 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413578#comment-16413578 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376091371 Checked test results, test LGTM (the failures are all env issues). I'll merge this to unblock other PRs who are failing testing on older xenserver/vmware based environments. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413579#comment-16413579 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd closed pull request #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/client/conf/java.security.ciphers.in b/client/conf/java.security.ciphers.in index 986abf61e71..27e2d690ee6 100644 --- a/client/conf/java.security.ciphers.in +++ b/client/conf/java.security.ciphers.in @@ -15,4 +15,4 @@ # specific language governing permissions and limitations # under the License. -jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4 \ No newline at end of file +jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4 diff --git a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java index 9fbdb4aa553..8016f5a1916 100644 --- a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java +++ b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java @@ -34,7 +34,7 @@ public static String[] getSupportedProtocols(String[] protocols) { Set set = new HashSet(); for (String s : protocols) { -if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") || s.equals("SSLv2Hello")) { +if (s.equals("SSLv3") || s.equals("SSLv2Hello")) { continue; } set.add(s); @@ -46,7 +46,7 @@ * It returns recommended protocols that are considered secure. */ public static String[] getRecommendedProtocols() { -return new String[] { "TLSv1.2" }; +return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; } /** diff --git a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java index 6c66dcd1bd0..625b538d7f2 100644 --- a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java +++ b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java @@ -69,9 +69,9 @@ public void getSupportedProtocolsTest() { } private void verifyProtocols(ArrayList protocolsList) { +Assert.assertTrue(protocolsList.contains("TLSv1")); +Assert.assertTrue(protocolsList.contains("TLSv1.1")); Assert.assertTrue(protocolsList.contains("TLSv1.2")); -Assert.assertFalse(protocolsList.contains("TLSv1")); -Assert.assertFalse(protocolsList.contains("TLSv1.1")); Assert.assertFalse(protocolsList.contains("SSLv3")); Assert.assertFalse(protocolsList.contains("SSLv2Hello")); } This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413580#comment-16413580 ] ASF subversion and git services commented on CLOUDSTACK-10319: -- Commit c4cc679c3b34a5f38cc17a01a96e9d69aa370641 in cloudstack's branch refs/heads/4.11 from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=c4cc679 ] CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507) This reverts changes from #2480, instead moves TLS settings to java ciphers settings config file. It should be sufficient to enforce TLS v1.2 on public facing CloudStack services: - CloudStack webserver (Jetty based) - Apache2 for secondary storage VM - CPVM HTTPs server Signed-off-by: Rohit Yadav > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413577#comment-16413577 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376090147 Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1827 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413572#comment-16413572 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376090147 Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1827 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413549#comment-16413549 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376082971 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413461#comment-16413461 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376065281 @blueorangutan test centos7 vmware-55u3 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413457#comment-16413457 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957838 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413456#comment-16413456 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957793 @blueorangutan test centos7 vmware-55u3 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413458#comment-16413458 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-376065281 @blueorangutan test centos7 vmware-55u3 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412962#comment-16412962 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957838 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412961#comment-16412961 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375957793 @blueorangutan test centos7 vmware-55u3 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412884#comment-16412884 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375945194 Trillian test result (tid-2409) Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 7 Total time taken: 149712 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2507-t2409-vmware-55u3.zip Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_root_resize.py Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Smoke tests completed. 60 look OK, 7 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 2109.73 | test_routers_network_ops.py test_04_restart_network_wo_cleanup | `Failure` | 4.11 | test_routers.py ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | test_service_offerings.py test_04_extract_template | `Failure` | 164.99 | test_templates.py ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py test_06_download_detached_volume | `Failure` | 211.48 | test_volumes.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 680.51 | test_vpc_redundant.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411180#comment-16411180 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375618571 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-55u3) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411178#comment-16411178 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375618329 @blueorangutan test centos7 vmware-55u3 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411100#comment-16411100 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375597210 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1819 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411056#comment-16411056 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507#issuecomment-375589643 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411055#comment-16411055 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd opened a new pull request #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware URL: https://github.com/apache/cloudstack/pull/2507 ## Description This reverts changes from #2480, instead moves TLS settings to java ciphers settings config file. It should be sufficient to enforce TLS v1.2 on public facing CloudStack services: - CloudStack webserver (Jetty based) - Apache2 for secondary storage VM - CPVM HTTPs server ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Checklist: - [ ] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [ ] My code follows the code style of this project. - [ ] All new and existing tests passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411034#comment-16411034 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-375585194 @rafaelweingartner @PaulAngus and others this seems to break older xenservers and vmware 5.x vcenters which expects to connect via TLS 1.0. I think instead to do this system-wide we may only fix it for public facing services such as - (a) apache2 in systemvms, (b) console proxy server, (c) management server. I'll partially revert this. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16398408#comment-16398408 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rafaelweingartner commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372987591 Ok, thanks. I had a problem with these changes and XenServer 6.5. XS 6.5 is using TLSV1. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16398336#comment-16398336 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372960693 @rafaelweingartner no, let me kick one explicitly on latest 4.11 via #2376 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16397680#comment-16397680 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rafaelweingartner commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372824276 @rhtyd have you tested this one against XenServer 6.5? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395068#comment-16395068 ] ASF subversion and git services commented on CLOUDSTACK-10319: -- Commit da8cf8c3703178b0570ae34b5f5338dd704b8c73 in cloudstack's branch refs/heads/master from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=da8cf8c ] CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 (#2480) This deprecates and remove TLS 1.0 and 1.1 from preferred list of protocols and keeps only TLSv1.2. Signed-off-by: Rohit Yadav > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395065#comment-16395065 ] ASF subversion and git services commented on CLOUDSTACK-10319: -- Commit da8cf8c3703178b0570ae34b5f5338dd704b8c73 in cloudstack's branch refs/heads/4.11 from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=da8cf8c ] CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 (#2480) This deprecates and remove TLS 1.0 and 1.1 from preferred list of protocols and keeps only TLSv1.2. Signed-off-by: Rohit Yadav > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395064#comment-16395064 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd closed pull request #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java index 5c0d6ce6047..0b0b0839e70 100644 --- a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java +++ b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java @@ -61,7 +61,7 @@ private static Integer port; private static String username; private static String password; -private static String secureProtocol = "TLSv1"; +private static String secureProtocol = "TLSv1.2"; public synchronized static void setVirtualHost(String virtualHost) { RabbitMQEventBus.virtualHost = virtualHost; @@ -623,4 +623,4 @@ public void handleDelivery(String queueName, Envelope envelope, AMQP.BasicProper return; } } -} \ No newline at end of file +} diff --git a/systemvm/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template index caded8c2ad4..688239cd8c0 100644 --- a/systemvm/debian/etc/apache2/vhost.template +++ b/systemvm/debian/etc/apache2/vhost.template @@ -89,7 +89,7 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh index 6e2e3059a53..3544806b1f9 100644 --- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh +++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh @@ -28,7 +28,7 @@ function configure_apache2() { # Backup stock apache configuration since we may modify it in Secondary Storage VM cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig - sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf + sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf } function install_cloud_scripts() { diff --git a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java index 8016f5a1916..9fbdb4aa553 100644 --- a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java +++ b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java @@ -34,7 +34,7 @@ public static String[] getSupportedProtocols(String[] protocols) { Set set = new HashSet(); for (String s : protocols) { -if (s.equals("SSLv3") || s.equals("SSLv2Hello")) { +if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") || s.equals("SSLv2Hello")) { continue; } set.add(s); @@ -46,7 +46,7 @@ * It returns recommended protocols that are considered secure. */ public static String[] getRecommendedProtocols() { -return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; +return new String[] { "TLSv1.2" }; } /** diff --git a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java index 625b538d7f2..6c66dcd1bd0 100644 --- a/
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395063#comment-16395063 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372265783 Merging this PR based on test results and code reviews, thanks. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395062#comment-16395062 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-372265703 Test LGTM, no failures seen. The only affected public facing services are browser related - (1) apache2 on systemvms and (2) jetty powered mgmt server. Given the UI does not support IE, we've been testing against modern browsers such as Chrome and Firefox only, acceptance of the PR should not cause new failures for users. If admins want to enable TLS support (1.0+1.1) for browsers for the UI, they may configure the java.security.ciphers file or explicitly set the `jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3` option to allow both TLSv1, v1.1. With Java8, TLS1.2 is enabled by default. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392920#comment-16392920 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - wido commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371823375 LGTM based on the code This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392519#comment-16392519 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371732713 Trillian test result (tid-2345) Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7 Total time taken: 39111 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2345-vmware-65.zip Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Smoke tests completed. 64 look OK, 3 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_extract_template | `Failure` | 142.88 | test_templates.py ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py test_06_download_detached_volume | `Failure` | 186.11 | test_volumes.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391849#comment-16391849 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371605523 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + vmware-65) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391847#comment-16391847 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371605409 @blueorangutan test centos7 vmware-65 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391809#comment-16391809 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371598747 Trillian test result (tid-2341) Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 6 Total time taken: 22708 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2341-xenserver-71.zip Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_iso.py Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py Smoke tests completed. 66 look OK, 1 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_01_scale_vm | `Error` | 9.43 | test_scale_vm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391779#comment-16391779 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371596013 Trillian test result (tid-2342) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 22351 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2342-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 66 look OK, 1 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_hostha_enable_ha_when_host_in_maintenance | `Error` | 3.74 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391712#comment-16391712 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371582209 Trillian test result (tid-2343) Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7 Total time taken: 19726 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2480-t2343-vmware-65.zip Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_reset_vm_on_reboot.py Intermitten failure detected: /marvin/tests/smoke/test_router_dhcphosts.py Intermitten failure detected: /marvin/tests/smoke/test_router_dns.py Intermitten failure detected: /marvin/tests/smoke/test_router_dnsservice.py Intermitten failure detected: /marvin/tests/smoke/test_routers_iptables_default_policy.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py Intermitten failure detected: /marvin/tests/smoke/test_secondary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vm_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Smoke tests completed. 46 look OK, 21 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- ContextSuite context=TestResetVmOnReboot>:setup | `Error` | 0.00 | test_reset_vm_on_reboot.py ContextSuite context=TestRouterDHCPHosts>:setup | `Error` | 0.00 | test_router_dhcphosts.py ContextSuite context=TestRouterDHCPOpts>:setup | `Error` | 0.00 | test_router_dhcphosts.py ContextSuite context=TestRouterDns>:setup | `Error` | 0.00 | test_router_dns.py ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | test_router_dnsservice.py ContextSuite context=TestRouterIpTablesPolicies>:setup | `Error` | 0.00 | test_routers_iptables_default_policy.py ContextSuite context=TestVPCIpTablesPolicies>:setup | `Error` | 0.00 | test_routers_iptables_default_policy.py test_01_isolate_network_FW_PF_default_routes_egress_true | `Error` | 0.21 | test_routers_network_ops.py test_02_isolate_network_FW_PF_default_routes_egress_false | `Error` | 0.22 | test_routers_network_ops.py ContextSuite context=TestRedundantIsolateNetworks>:setup | `Error` | 1.41 | test_routers_network_ops.py ContextSuite context=TestRouterServices>:setup | `Error` | 0.00 | test_routers.py ContextSuite context=TestScaleVm>:setup | `Error` | 0.00 | test_scale_vm.py test_01_sys_vm_start | `Failure` | 0.24 | test_secondary_storage.py test_02_sys_template_ready | `Failure` | 0.23 | test_secondary_storage.py ContextSuite context=TestServiceOfferings>:setup | `Error` | 0.19 | test_service_offerings.py ContextSuite context=TestSnapshotRootDisk>:setup | `Error` | 0.00 | test_snapshots.py test_01_list_sec_storage_vm | `Failure` | 0.04 | test_ssvm.py test_02_list_cpvm_vm | `Failure` | 0.04 | test_ssvm.py test_03_ssvm_internals | `Failure` | 0.04 | test_ssvm.py test_04_cpvm_internals | `Failure` | 0.04 | test_ssvm.py test_05_stop_ssvm | `Failure` | 0.04 | test_ssvm.py test_06_stop_cpvm | `Failure` | 0.04 | test_ssvm.py test_07_reboot_ssvm | `Failure` | 0.07 | test_ssvm.py test_08_reboot_cpvm | `Failure` | 0.04 | test_ssvm.py test_09_destroy_ssvm | `Failure` | 0.04 | test_ssvm.py test_10_destroy_cpvm | `Failure` | 0.04 | test_ssvm.py test_02_create_template_with_checksum_sha1 | `Error` | 65.46 | test_templates.py test_03_create_template_with_checksum_sha256 | `Error` | 65.58 | test_templates.py test_04_create_template_with_checksum_md5 | `Error` | 65.50 | test_templates.py test_05_create_template_with_no_checksum | `Error` | 65.55 | test_templates.py ContextSuite context=
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391193#comment-16391193 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371476050 @rhtyd a Trillian-Jenkins matrix job (centos6 mgmt + xs71, centos7 mgmt + vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391191#comment-16391191 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371475811 @blueorangutan test matrix This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391170#comment-16391170 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371472343 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1765 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391129#comment-16391129 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - blueorangutan commented on issue #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480#issuecomment-371464336 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391126#comment-16391126 ] ASF GitHub Bot commented on CLOUDSTACK-10319: - rhtyd opened a new pull request #2480: CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 URL: https://github.com/apache/cloudstack/pull/2480 This deprecates and remove TLS 1.0 and 1.1 from preferred list of protocols and keeps only TLSv1.2. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Prefer TLSv1.2 and deprecate TLS 1.0/1.1 > > > Key: CLOUDSTACK-10319 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make > cloudstack prefer tls 1.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)