c9s: ssh via floating ip fails with openssl-3.0.1-12
Bug #1962507 reported by
Takashi Kajinami
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-openstack-integration |
Fix Released
|
Critical
|
Unassigned |
Bug Description
Currently tempest tests are always failing in CentOS 9 Stream integration job, because of the failure with ssh connection via floating ip.
The same issue was earlier reported in TripleO.
description: | updated |
Changed in puppet-openstack-integration: | |
importance: | Undecided → Critical |
To post a comment you must log in.
It looks like ssh + rsa key doesn't work with the latest openssl,
and it's likely that the issue is related to the recent change to disable SHA1 by default.
https:/ /centos. pkgs.org/ 9-stream/ centos- baseos- x86_64/ openssl- 3.0.1-12. el9.x86_ 64.rpm. html
~~~
2022-02-24 - Peter Robinson <email address hidden> - 1:3.0.1-12
- Support KBKDF (NIST SP800-108) with an R value of 8bits
- Resolves: rhbz#2027261
2022-02-23 - Clemens Lang <email address hidden> - 1:3.0.1-11
- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
- Resolves: rhbz#2031742
2022-02-23 - Dmitry Belyavskiy <email address hidden> - 1:3.0.1-10
- rebuilt
2022-02-22 - Clemens Lang <email address hidden> - 1:3.0.1-9
- Allow SHA1 usage in HMAC in TLS
- Resolves: rhbz#2031742
2022-02-22 - Dmitry Belyavskiy <email address hidden> - 1:3.0.1-8
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
- Resolves: rhbz#1977867
- pkcs12 export broken in FIPS mode
- Resolves: rhbz#2049265
2022-02-22 - Clemens Lang <email address hidden> - 1:3.0.1-8 sha1-signatures = yes to re-enable
- Disable SHA1 signature creation and verification by default
- Set rh-allow-
- Resolves: rhbz#2031742
2022-02-03 - Sahana Prasad <email address hidden> - 1:3.0.1-7
- s_server: correctly handle 2^14 byte long records
- Resolves: rhbz#2042011
2022-02-01 - Dmitry Belyavskiy <email address hidden> - 1:3.0.1-6
- Adjust FIPS provider version
- Related: rhbz#2026445
~~~~
I've tested the ecdsa key and now ssh succeeds during tempest tests.
https:/ /review. opendev. org/c/openstack /puppet- openstack- integration/ +/831322