----- Original Message ----- > From: "ybronhei" <[email protected]> > To: "Alon Bar-Lev" <[email protected]> > Cc: "knarra" <[email protected]>, [email protected], "Dima Kuznetsov" > <[email protected]> > Sent: Sunday, April 12, 2015 12:17:03 PM > Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes > > On 04/07/2015 04:45 PM, Alon Bar-Lev wrote: > > > > > > ----- Original Message ----- > >> From: "knarra" <[email protected]> > >> To: "Alon Bar-Lev" <[email protected]> > >> Cc: [email protected] > >> Sent: Tuesday, April 7, 2015 3:39:58 PM > >> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes > >> > >> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote: > >>> > >>> ----- Original Message ----- > >>>> From: "knarra" <[email protected]> > >>>> To: "Alon Bar-Lev" <[email protected]> > >>>> Cc: [email protected] > >>>> Sent: Tuesday, April 7, 2015 3:25:07 PM > >>>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes > >>>> > >>>> On 04/07/2015 05:50 PM, Alon Bar-Lev wrote: > >>>>> ----- Original Message ----- > >>>>>> From: "knarra" <[email protected]> > >>>>>> To: [email protected] > >>>>>> Sent: Tuesday, April 7, 2015 3:15:12 PM > >>>>>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes > >>>>>> > >>>>> <snip> > >>>>> > >>>>>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL > >>>>>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version > >>>>>> > >>>>>> Can some one help me to resolve this issue. > >>>>> your openssl is patched to disable ssv3, and engine is trying to > >>>>> communicate using sslv3. > >>>>> > >>>>> please upgrade engine to latest z-stream, it should be resolved. > >>>> Hi Alon, > >>>> > >>>> I checked the following value in my database and my engine is > >>>> using > >>>> TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch. > >>>> > >>>> engine=# select option_name,option_value from vdc_options where > >>>> option_name = 'VdsmSSLProtocol'; > >>>> option_name | option_value > >>>> -----------------+-------------- > >>>> VdsmSSLProtocol | TLSv1 > >>>> (1 row) > >>> hmmm.... and you say you get this when you use vdsClient, so maybe it > >>> tries > >>> to connect using sslv3. > >>> > >>> is engine working proberly? > >> yes, engine works fine, i have few other nodes where i have the same > >> vdsm version added to same engine and i do not hit this issue there. I > >> am just wondering how is this happening. > >> > > > > compare openssl version. > > > > yaniv, please fix the vdsClient to use TLSv1 > > > should it use v1 always (forcefully)? we can do that, but currently it > chooses the highest version both parties are able to use
it looks like it uses SSLv3 per this report. _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
