perfsonar-user - Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Doug Wussler <>
- To: "Garnizov, Ivan" <>, Darryl K Wohlt <>, "" <>
- Subject: Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file
- Date: Fri, 9 Nov 2018 13:13:03 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:aDWSjxAzrjf8aJGuDXdwUyQJP3N1i/DPJgcQr6AfoPdwSP35p8+wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zTZ9MaQXdKUNhXWSJPH4iwa5IDAusEMetesoLzpUYBrQGmCAesGu3h1yNIiHH10607z+suHhrL0xY8E9ILqnnYsMn5OaUUXOuozKfI1zLDb/ZO1Dnz74jIbx8hquyMUrJtasrR0k0vGB3fjl6NroHqIjSV1vkCs2SB4etgSPmvi3Ujqw5vuDii3cksipLUho4P1F/L6Dh5zZ8zKNalRkB7ZtukH4FRtyGcL4Z2Q8UiQ312tyYgzL0Jp4K7cDYQxJs52hHfduSLc4aO4h35UOadOzh4hHV7eL6niBay8FSgyu3hVsavylpFsi1FktzUunAVzRzT7c+HSvVl/kem2DaP0RzT5vtYLkAzkKrXM5AhzaQtlpYJrEvMACn7k1j1gq+Obkgo5PKn5/j6brjju5OQKpJ4hwTwMqkhhsCzHeE1MgYQUGWU9umx0bju8EznTLhKlvE6j7fVvZPAKcgGpaO0AhVZ34gt5hqlETuqzMgUkWEJLF1bex+Lk43kNlTQL/33Efuyh1Ghnyxoyv3JO7DsBpfAImTNkLrkZrlw6VBQxxY1wNtC/ZxbEKsBL+j2WkLptNzXEBs5Mwuszuj/FNhz0Z8SVXyWDqGEKK3erEaE5uU0LOaSfoMVvyv9K+Q+6P7pkH85n0IScbOx3ZsNb3C4AuppLFmFYXrthdcBF30Gvg0jTOz2jF2CVjlTZ3WoU60g4TE7DZqqDYbFRo+znLyMxDm3EYdKamxbD12ADGrke5iBVvcCZy+ePtNtnzkKVbe/RIIs2hSjuQr7xrZ5LufY4igYuoji1Nhx6e3TjxYy9TlsAsuA1GGNUm50knkGRj8rx6B/ukh9xUmZ0aVjjfxYDsFT6+lXXQgnKJ7Q1/Z6BMzqWgLdYteJT06rQs24DjErQNIx2NgOY0BnFNW4lxzDwjGqDKEPl7GQAJw087nc32TqJ8pj0XrG1a8hj0U4TctVM22pmLJ/+xbJC4HXjkqZivXiSaNJlgHE7mGC322Q+Al5Tgd2G+2RXG4WYA3ZpM7/51HFUZegAKlhPgYXjYauI7FQe9mhrh15Q/fnJJyKb2urgXa0LRiOz7fKY430LSFVlj3QEkYflAYa5zOeLk0jHSq7uErfCiBjD1Tifxmq/OVj4jvvVkIuwRqNaUR7kqKuvwMOiOaHY/IVwr8evio98XN5EEvrjPzMDN/Viw18c+1jfMgm5FpdnTbVsBFyeIO9NLtmi0Q2fR9q+U7iykMkWc17jcE2oSZyn0JJIqWC3QYELmvGh8qiM6DLKmT04BGkYrLX3VebytuN56MT86pj+U77slSvEUwvuzV83t9Z3mHUx62CDRFaEPeTGl0y6wA8orjbZicn4IaB2XpxPu+rryTZ398zLOU+11Ctc8oMeK4=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
I believe this is the same issue I reported in December last year. For that email discussion see: https://lists.internet2.edu/sympa/arc/perfsonar-user/2017-12/msg00076.html For the GitHub issue, see
https://github.com/perfsonar/toolkit/issues/291 Bottom line: The SSL.CONF file distributed with PerfSonar needs to be changed. The SSLProtocol and SSLCipherSuite settings need to be moved outside the VirtualHost. That way, individual deployments can override the default settings with
customized configuration files. As the file is now distributed, these settings are being place inside the VirtualHost and thus cannot be overridden by a customized config file. Doug Doug Wussler Florida State University From: <> on behalf of "Garnizov, Ivan" <> Hello Darryl, Could you please provide more information about your installation? Is this a pS Toolkit, pS Testpoint or is this Central management deployment, other? Please keep in mind, that the pS Toolkit is delivered as a full featured product to a lot of users with different skill levels and different use cases. Still to better understand your issue we need to know at
least what is installed on your machine. Regards, Ivan Garnizov GEANT SA1T2: pS deployments GN Operations GEANT SA2T3: pS development team GEANT SA3T5: eduPERT team Jubiläumsjahr 2018 - IT in Bewegung Das RRZE - der IT-Dienstleister der FAU Von: [mailto:]
Im Auftrag von Darryl K Wohlt I received an alert from our computer security group saying that my PS instance “supports the use of TLS 1.0&1.1 and/or 3DES in one or more cipher suites.” This is a big deal at our site. When I upgraded this host in late October I made sure to update ssl.conf to allow only TLSv1.2. After this alert I checked it again, and found it was modified (replaced?) at the same time an automatic yum update occurred. This has happened
before. Can we please not modify this file during updates? Thanks Darryl K. Wohlt Network Architect I CCD/NCS/Network Services Fermi National Accelerator Laboratory P.O. Box 500, MS 368 Batavia, Illinois 60510 USA 630 840 2901 office 630 945 5687 mobile |
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Michael Johnson, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Michael Johnson, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
Archive powered by MHonArc 2.6.19.