Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.5
Component/s: ktls-utils
Labels:
- NVME_NETAPP

Regression:
None
Severity:
None
Epic Link:
RHELPLAN-53660
Commit Hashes:
ktls: restrict hash functions to supported sizes - https://github.com/oracle/ktls-utils/commit/f28f084fda537f82d99ca3a8f6e45638f95870e8

Pool Team:

sst_filesystems
Sub-System Group:

ssg_platform_storage

Dev Target Milestone:
12
Internal Target Milestone:
20
Story Points:
2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description:
Linux NVMe/TCP currently sends multiple options for cipher suites in the TLS ClientHello message. This could be a problem if the target OpenSSL server picks a cipher suite that does not correspond to the PSK identity. So the ask here is to ensure the Linux NVMe/TCP host sends a single cipher suite alone that corresponds to the PSK identity in its TLS CLientHello message to avoid a potential TLS handshake failure.

duplicates

RHEL-39442 Upgrade ktls-utils

Release Pending

Assignee:: Steve Dickson

Reporter:: Martin George

Contributing Groups:: NetApp Confidential Group

Developer:: Steve Dickson

QA Contact:: Yongcheng Yang

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2024/03/05 4:31 PM

Updated:: 2024/07/15 2:26 AM

Resolved:: 2024/07/15 2:26 AM

Dev Target end:: 2024/05/24

Target end:: 2024/07/15

Details

Description

Attachments

Issue Links

Activity

People

Dates