Loading...

XML

Word

Printable

Type: Story
Resolution: Duplicate
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
None

Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Bump openshift-router image to RHEL9
Intelligence Requested:
Market:

Sprint:
Sprint 246, Sprint 247, Sprint 248, Sprint 249
Cost of Delay:
0
WSJF:
0.0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

We need to set upgradeable=false in 4.15 if the router cert is SHA1 because HaProxy with OpenSSL 3.0 is rejecting SHA1 certificates with ca md too weak. (CI failure). Upgradeable=false will prevent users from breaking their openshift-router when upgrading.

Story is just a reminder. This will need to be eventually tracked as bug because it needs to be backported into 4.15 (and you can't easily backport stories/epics).

is duplicated by

OCPBUGS-26498 Router fails to start/reload with SHA1 cert due to OpenSSL 3.0 in RHEL9

ON_QA

Assignee:: Grant Spence

Reporter:: Grant Spence

Doc Contact:: Jessica Manthei

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/12/06 7:12 PM

Updated:: 2024/02/26 8:21 PM

Resolved:: 2024/02/26 4:26 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide