Pacemaker allows SSLv3 TLSv1.0 and TLSv1.1 on control ports for bundle resources, listens on all IP addresses and uses pre-shared key authentication in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

  • SSLv3 TLS1.0 and TLS1.1 connections are accepted on open ports 3122, 3123 and 3124 on the controller nodes. These ports being the control ports for the different resources:
[root@overcloud-controller-0 ~]#   cibadmin -Q | grep control-port
        <network control-port="3122"/>
        <network control-port="3123"/>
        <network control-port="3124"/>
        <network control-port="3125"/>

  • Connections are accepted over all internal and external networks.

  • Cipher suites use pre-shared key authentication

Environment

  • Red Hat OpenStack Platform 13
  • Red Hat Enterprise Linux 7.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content