Pacemaker allows SSLv3 TLSv1.0 and TLSv1.1 on control ports for bundle resources, listens on all IP addresses and uses pre-shared key authentication in Red Hat OpenStack Platform 13
Issue
- SSLv3 TLS1.0 and TLS1.1 connections are accepted on open ports 3122, 3123 and 3124 on the controller nodes. These ports being the control ports for the different resources:
[root@overcloud-controller-0 ~]# cibadmin -Q | grep control-port
<network control-port="3122"/>
<network control-port="3123"/>
<network control-port="3124"/>
<network control-port="3125"/>
-
Connections are accepted over all internal and external networks.
-
Cipher suites use pre-shared key authentication
Environment
- Red Hat OpenStack Platform 13
- Red Hat Enterprise Linux 7.7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.