Bug #50932

closed

rgw: beast: lack of TLS settings

Added by Konstantin Shalygin almost 3 years ago. Updated over 1 year ago.

Status: Resolved
Priority: High
Assignee:
Target version: -
% Done: 0%
Source: Community (dev)
Tags: beast backport_processed
Backport: pacific octopus nautilus
Regression: Yes
Severity: 3 - minor
Reviewed:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Currently the Beast frontend lacks TLS options.
For example, our production civetweb runs with these options:

"civetweb port=0.0.0.0:80r+443s enable_keep_alive=yes ssl_protocol_version=4 ssl_certificate=/etc/pki/tls/private/prod.pem ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305"

Keepalive is also lacking: https://tracker.ceph.com/issues/48402

Marking as a regression because civetweb was dropped in master.


Related issues 4 (0 open, 4 closed)

Related to rgw - Bug #50765: impossible to disable TLS 1.0 and 1.1 (Duplicate)
Copied to rgw - Backport #51698: octopus: rgw: beast: lack of TLS settings (Resolved, Mykola Golub)
Copied to rgw - Backport #51699: pacific: rgw: beast: lack of TLS settings (Resolved, Konstantin Shalygin)
Copied to rgw - Backport #51726: nautilus: rgw: beast: lack of TLS settings (Rejected, Mykola Golub)

Actions #1

Updated by Casey Bodley almost 3 years ago

there's some discussion about configuring the protocols and ciphers in https://github.com/ceph/ceph/pull/41384

Actions #2

Updated by Casey Bodley almost 3 years ago

  • Related to Bug #50765: impossible to disable TLS 1.0 and 1.1 added
Actions #3

Updated by Mykola Golub almost 3 years ago

  • Status changed from New to In Progress
  • Assignee set to Mykola Golub
Actions #4

Updated by Mykola Golub almost 3 years ago

  • Status changed from In Progress to Fix Under Review
  • Pull request ID set to 41579
Actions #5

Updated by Mykola Golub almost 3 years ago

  • Backport set to pacific,octopus,nautilus
Actions #6

Updated by Casey Bodley almost 3 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport changed from pacific,octopus,nautilus to pacific octopus
Actions #7

Updated by Backport Bot almost 3 years ago

  • Copied to Backport #51698: octopus: rgw: beast: lack of TLS settings added
Actions #8

Updated by Backport Bot almost 3 years ago

  • Copied to Backport #51699: pacific: rgw: beast: lack of TLS settings added
Actions #9

Updated by Mykola Golub almost 3 years ago

Hi Casey,

We have plans to backport this to our nautilus-based product. For this reason it would be much better for us if this is also backported to the nautilus upstream branch, even if the upstream doesn't plan to cut a release any more.

Do you mind if I create the backport ticket and PR for nautilus too? I suppose for nautilus we could backport only the patch that adds a possibility to modify ssl options, without changing the default behaviour.

Actions #10

Updated by Mykola Golub almost 3 years ago

  • Backport changed from pacific octopus to pacific octopus nautilus
Actions #11

Updated by Backport Bot almost 3 years ago

  • Copied to Backport #51726: nautilus: rgw: beast: lack of TLS settings added
Actions #12

Updated by Backport Bot over 1 year ago

  • Tags changed from beast to beast backport_processed
Actions #13

Updated by Konstantin Shalygin over 1 year ago

  • Status changed from Pending Backport to Resolved