<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Misha,</p>
<p>with the latest version of the package, now also minimum version
of TLS has been set to 1.2</p>
<p>cheers</p>
<p>Andrea</p>
<p><br>
</p>
<div class="moz-cite-prefix">Il 21.09.18 16:32, Mischa Salle ha
scritto:<br>
</div>
<blockquote type="cite" cite="mid:20180921143234.GA17819@nikhef.nl">
<pre wrap="">Hi all,
I'm a bit confused about this. AFAIK Mattias Ellert has set the
*maximum* TLS version to 1.2 since it fails with the new TLS 1.3
which has been introduced with OpenSSL 1.1.1. But that should not
normally set the *default* version to 1.2? Not entirely sure whether
this is the same issue.
I'm including him directly in CC to attract attention...
Cheers,
Mischa
On Fri, Sep 21, 2018 at 04:04:55PM +0200, andrea wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi Paul
Il 21.09.18 15:58, Maarten Litmaath ha scritto:
</pre>
<blockquote type="cite">
<pre wrap="">CC FTS manager Andrea...
On 09/21/18 15:41, Paul Millar wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 21/09/18 15:33, Maarten Litmaath wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all,
do you have comments on this matter?
</pre>
</blockquote>
<pre wrap="">
Is the "pilot" FTS instance finding SRM storage sites that are not
supporting TLS v1.2 because the version of globus-gssapi-gsi was
updated on that (those) machine(s)?
</pre>
</blockquote>
</blockquote>
<pre wrap="">yes the new package coming from EPEL-testing was installed on 2 of our FTS
pilot nodes
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
Does this problem affect only FTS, or are clients installed on the
WN also affected?
</pre>
</blockquote>
</blockquote>
<pre wrap="">anyone using gfal + srm/gridftp will be affected ( if the the server is not
configured with tls 1.2)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
Has anyone tested a machine with this against any dCache instances?
</pre>
</blockquote>
</blockquote>
<pre wrap="">i just tried INP3 and it looks ok
cheers
Andrea
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
For me, the last question is the most pressing.
If the answer is "no" then how can we change this, so dCache
instances are being tested?
Cheers,
Paul.
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
Gt-eos mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gt-eos@mailman.egi.eu">Gt-eos@mailman.egi.eu</a>
<a class="moz-txt-link-freetext" href="http://mailman.egi.eu/mailman/listinfo/gt-eos">http://mailman.egi.eu/mailman/listinfo/gt-eos</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gt-eos mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gt-eos@mailman.egi.eu">Gt-eos@mailman.egi.eu</a>
<a class="moz-txt-link-freetext" href="http://mailman.egi.eu/mailman/listinfo/gt-eos">http://mailman.egi.eu/mailman/listinfo/gt-eos</a>
</pre>
</blockquote>
<br>
</body>
</html>