Hi, legacy ciphers and protocols are disabled on EL8 by default, for more information please take a look at crypto-policies:
https://access.redhat.com/articles/3666211 https://access.redhat.com/articles/3642912 So in theory if you switch to LEGACY crypto-policy on ovirt-engine machine, you could be able to use TLSv1, but we have never tested it and we highly recommend to use only TLSv1.2 or newer. Regards, Martin On Fri, Aug 7, 2020 at 2:11 PM Jiří Sléžka <[email protected]> wrote: > Hello, > > better start new thread... > > it looks like tls1.0 is not supported anymore in > ovirt-engine-extension-aaa-ldap > > I just migrated engine from 4.3 to 4.4 and cannot use my ldap profile > because > > server_error: The connection reader was unable to successfully complete > TLS negotiation: SSLHandshakeException(The server selected protocol > version TLS10 is not accepted by client preferences [TLS12]), > ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb > > but when I try to force tls 1.0 by setting > > ... > pool.default.ssl.startTLS = true > pool.default.ssl.startTLSProtocol = TLSv1 > ... > > I got > > server_error: The connection reader was unable to successfully complete > TLS negotiation: SSLHandshakeException(No appropriate protocol (protocol > is disabled or cipher suites are inappropriate)), ldapSDKVersion=4.0.14, > revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb > > I can't switch to something better on server side, is it possible to > allow weak ciphers/protocols on client side? > > Thanks in advance, > > Jiri > > > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/CBVIAEO3R4BQNJ5453O2D5NJH7FQ7YGR/ > -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/IOMG3R7W3RTGWNEIDRYEVHSWLUGCFZMJ/
