Pacemaker allows SSLv3 TLSv1.0 and TLSv1.1 on control ports for bundle resources, listens on all IP addresses and uses pre-shared key authentication in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

  • SSLv3 TLS1.0 and TLS1.1 connections are accepted on open ports 3122, 3123 and 3124 on the controller nodes. These ports being the control ports for the different resources:
[root@overcloud-controller-0 ~]#   cibadmin -Q | grep control-port
        <network control-port="3122"/>
        <network control-port="3123"/>
        <network control-port="3124"/>
        <network control-port="3125"/>
  • Connections are accepted over all internal and external networks.

  • Cipher suites use pre-shared key authentication

Environment

  • Red Hat OpenStack Platform 13
  • Red Hat Enterprise Linux 7.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In