Juniper Openstack

Incorrect SSL options in python ifmap client

  1. Series r2.0
  2. Bug #1481112
Bug #1481112 reported by Pedro Marques
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R2.0
Fix Committed
Medium
Pedro Marques
R2.20
Fix Committed
Medium
Pedro Marques
Trunk
Fix Committed
Medium
Pedro Marques
OpenContrail
Fix Committed
Medium
Pedro Marques

Bug Description

The python ifmap code included in the config/common package (via third-party/python-ifmap-client) should use the recommended SSL protocol (TLSv1) and not attempt to specify a particular cipher.

See for instance: http://disablessl3.com.

Specifying a particular cipher causes errors with the most recent JREs.

RROR:cfgm_common.ifmap.client:Uknown error sending IF-MAP message to server [Errno 1] _ssl.c:510: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
ERROR:cfgm_common.ifmap.client:Uknown error sending IF-MAP message to server [Errno 1] _ssl.c:510: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Tags: config
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.20

Review in progress for https://review.opencontrail.org/12816
Submitter: Pedro Marques (<email address hidden>)

Nagabhushana R (bhushana)
tags: added: config
Changed in juniperopenstack:
importance: Undecided → Medium
Changed in opencontrail:
importance: Undecided → Medium
Changed in juniperopenstack:
assignee: nobody → Pedro Marques (5-roque)
Changed in opencontrail:
assignee: nobody → Pedro Marques (5-roque)
Revision history for this message
Pramod Venkatesh (pramod-venkatesh) wrote :

Will this fix be made available in R2.1 or i need to raise a seperate bug id for that

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/12816
Committed: http://github.org/Juniper/contrail-third-party/commit/070e901914b14a4d0893dd92f582bb5c1496c906
Submitter: Zuul
Branch: R2.20

commit 070e901914b14a4d0893dd92f582bb5c1496c906
Author: Pedro Marques <email address hidden>
Date: Mon Aug 3 23:30:04 2015 +0000

Use TLSv1 for SSL and don't try to specify a cipher.

Closes-Bug: #1481112

Change-Id: Ifc1e9e24ef2b9a1b6ffa89d542b2fdeddce20f06

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/13397
Submitter: Karl Klashinsky (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/13397
Committed: http://github.org/Juniper/contrail-third-party/commit/4c0150b5fbce2e036e1b60881e8078cd0e7db632
Submitter: Zuul
Branch: master

commit 4c0150b5fbce2e036e1b60881e8078cd0e7db632
Author: Pedro Marques <email address hidden>
Date: Mon Aug 3 23:30:04 2015 +0000

Use TLSv1 for SSL and don't try to specify a cipher.

Closes-Bug: #1481112

Change-Id: Ifc1e9e24ef2b9a1b6ffa89d542b2fdeddce20f06

Pedro Marques (5-roque)
Changed in opencontrail:
status: New → Fix Committed
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.0

Review in progress for https://review.opencontrail.org/13746
Submitter: Hampapur Ajay (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/13746
Committed: http://github.org/Juniper/contrail-third-party/commit/b6aa8829cfd98a4ec82cbdc7552ab5973d394e65
Submitter: Zuul
Branch: R2.0

commit b6aa8829cfd98a4ec82cbdc7552ab5973d394e65
Author: Hampapur Ajay <email address hidden>
Date: Thu Sep 10 13:55:15 2015 -0700

Use TLSv1 for SSL and don't try to specify a cipher.

Change-Id: I408f39d71e4761820e3156d6df3adfa0a0310ce0
Closes-Bug: #1481112

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.