Bug
Resolution: Duplicate
Quality / Stability / Reliability
CLOSED
Moderate
Description of problem:
-----------------------
When HCO is set with crypto policy profile 'Old' or 'Custom' profile with minTLSVersion as 'VersionTLS11', the connection doesn't use TLSv1.1
Version-Release number of selected component (if applicable):
-------------------------------------------------------------
CNV v4.12.0
How reproducible:
-----------------
Always
Steps to Reproduce:
-------------------
1. Set HCO crypto profile as Old (hco.spec.tlsSecurityProfile)
2. Validate the connection to make sure that the connection uses TLS v1.1
a. From one of the nodes execute:
- echo | openssl s_client -connect <ip>:<port> --tls1_1
Actual results:
---------------
With openssl results the cipher is NONE. This means no TLS v1.1 is supported.
Expected results:
-----------------
With openssl results, TLS v1.1 should be supported
Additional info:
-----------------
Simone has already investigated this issue.
Here is some information about the RCA:
<snip>
In the downstream build we have a file named /etc/crypto-policies/back-ends/opensslcnf.config
which forces TLS.MinProtocol = TLSv1.2
</snip>
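
The script below is an added example, not part of the original report or of the HCO project. It compares a requested minTLSVersion against the TLS.MinProtocol value in an opensslcnf.config-style file. The function names, the output strings and the sample file contents are constructed for illustration, and it assumes the back-end value acts as a floor, as the RCA above describes.

```shell
#!/bin/sh
# Added example (not from the bug report): does the crypto-policies OpenSSL
# back-end raise the TLS floor above the minTLSVersion requested in HCO?

# Map HCO-style (VersionTLS11) and OpenSSL-style (TLSv1.1) names to a rank.
tls_rank() {
    case "$1" in
        VersionTLS10|TLSv1|TLSv1.0) echo 10 ;;
        VersionTLS11|TLSv1.1)       echo 11 ;;
        VersionTLS12|TLSv1.2)       echo 12 ;;
        VersionTLS13|TLSv1.3)       echo 13 ;;
        *) return 1 ;;
    esac
}

# Print the TLS.MinProtocol value from an opensslcnf.config-style file.
# The anchored pattern skips DTLS.MinProtocol; if the key repeats, the last
# occurrence is reported.
policy_min_protocol() {
    sed -n 's/^[[:space:]]*TLS\.MinProtocol[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# check_min_tls REQUESTED CONF
# Assumption: the back-end value acts as a floor, as the RCA above describes.
check_min_tls() {
    floor=$(policy_min_protocol "$2")
    [ -n "$floor" ] || { echo "OK min=$1 (no floor set)"; return 0; }
    want=$(tls_rank "$1") || { echo "UNKNOWN $1"; return 0; }
    have=$(tls_rank "$floor") || { echo "UNKNOWN $floor"; return 0; }
    if [ "$want" -lt "$have" ]; then
        echo "OVERRIDDEN floor=$floor"
    else
        echo "OK min=$1"
    fi
}

# Constructed sample of the back-end file, so the script runs offline.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CipherString = @SECLEVEL=2:kEECDH:kRSA
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
EOF

check_min_tls VersionTLS11 "$sample"   # the 'Custom' value from the report
check_min_tls VersionTLS12 "$sample"
```

To check a real build, pass /etc/crypto-policies/back-ends/opensslcnf.config from inside the component's container image as the second argument instead of the sample file.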
Duplicates: CNV-22160 [2139222] tlsSecurityProfile `Old` does not work on FIPS enabled cluster (Closed)