Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #15052: Document issue with openssl versions during rudder upgrade #489

Closed
wants to merge 1 commit into from
Closed

Fixes #15052: Document issue with openssl versions during rudder upgrade #489

wants to merge 1 commit into from

Conversation

peckpeck
Copy link
Member

@fanf fanf requested a review from amousset September 5, 2019 08:11
amousset
amousset reviewed Nov 20, 2019
View reviewed changes
release-data/changelogs/5.0/main.adoc
The problem occurs when a client using OpenSSL prior to 1.0.2 tries to
communicate with a server using OpenSSL 1.1.0 or later.

This means that a Rudder agent 4.3 or older on a debian 8, ubuntu 14,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Debian
Ubuntu 14.04
RHEL6
RHEL7
SLES

fanf
fanf reviewed Nov 21, 2019
View reviewed changes
release-data/changelogs/5.0/main.adoc
with Rudder server 5.0 or later.

To work around this problem, you can upgrade the agent in 5.0 first
since they are compatible with a 4.3 server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part is false.
Tested with:

  • server: centos 6.5, rudder 4.3.10 (system open ssl: 1.0.1e-fips)
  • agent: centos 7.6, rudder 5.0.15-nightly, (embedded openssl 1.1.1 and 1.1.0 (???), system openssl 1.0.2k-fips)

For the embeded version, not sure how to get it. ldd links to our own lib (/opt/rudder/bin/libssl.so.1.1), but strings say:

OPENSSL_1_1_0
OPENSSL_1_1_0d
OPENSSL_1_1_1
OPENSSL_1_1_1a
OPENSSL_1_1_0i
OPENSSL_1_1_0f

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/opt/rudder/bin/openssl version gives the embedded version number

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, it's 1.1.1b

@fanf
Copy link
Member

fanf commented Nov 28, 2019

I propose to change that one since it's now in the upgrade section of the doc and just reference the doc cc @peckpeck @amousset

@fanf
Copy link
Member

fanf commented Oct 25, 2020

Closing this one as the problem is not present in any rudder supported version anymore - we have better things to do than loose time on it.

Still, it's very sad that we were not able to make that documentation straight when the need was present for our users.

@fanf fanf closed this Oct 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fanf fanf fanf left review comments

@amousset amousset amousset left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@peckpeck @fanf @amousset