Re: [Gluster-users] TLS support

[Joseph Lorenzini]

Try OpenSSL s_client connect to a volumes brick port. Note you can controll
the allowed ssl versions by setting a gluster vol option.

Joe

On Fri, Mar 31, 2017 at 8:33 AM Darren Zhang  wrote:

So how can I know the default ssl protocol currently using between server
and client? (gluster3.10.0 on ubuntu16.04)


Yong Zhang


On 2017-03-31 20:56 , Niels de Vos  Wrote:

On Fri, Mar 31, 2017 at 07:01:14AM -0500, Joseph Lorenzini wrote:
> Hi Yong,
>
> Gluster uses the openssl library, which supports SSL 3.0 and TLS versions
> 1.0,1.1,1.2. I actually don't know if its dynamically linked against the
> openssl library nor what version of the openssl lib gluster has been
tested
> with. That is important info to know that is currently undocumented.

It is dynamically linked and the version that is used is the openssl
version that is provided by the distribution where the different
glusterfs packages are built.

Niels
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users

Re: [Gluster-users] TLS support

[Darren Zhang]

So how can I know the default ssl protocol currently using between server and 
client? (gluster3.10.0 on ubuntu16.04)


Yong Zhang



On 2017-03-31 20:56 , Niels de Vos Wrote:

On Fri, Mar 31, 2017 at 07:01:14AM -0500, Joseph Lorenzini wrote:
> Hi Yong,
>
> Gluster uses the openssl library, which supports SSL 3.0 and TLS versions
> 1.0,1.1,1.2. I actually don't know if its dynamically linked against the
> openssl library nor what version of the openssl lib gluster has been tested
> with. That is important info to know that is currently undocumented.

It is dynamically linked and the version that is used is the openssl
version that is provided by the distribution where the different
glusterfs packages are built.

Niels
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users

Re: [Gluster-users] TLS support

[Niels de Vos]

On Fri, Mar 31, 2017 at 07:01:14AM -0500, Joseph Lorenzini wrote:
> Hi Yong,
> 
> Gluster uses the openssl library, which supports SSL 3.0 and TLS versions
> 1.0,1.1,1.2. I actually don't know if its dynamically linked against the
> openssl library nor what version of the openssl lib gluster has been tested
> with. That is important info to know that is currently undocumented.

It is dynamically linked and the version that is used is the openssl
version that is provided by the distribution where the different
glusterfs packages are built.

Niels


signature.asc
Description: PGP signature
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users

Re: [Gluster-users] TLS support

[Joseph Lorenzini]

Hi Yong,

Gluster uses the openssl library, which supports SSL 3.0 and TLS versions
1.0,1.1,1.2. I actually don't know if its dynamically linked against the
openssl library nor what version of the openssl lib gluster has been tested
with. That is important info to know that is currently undocumented.

But in regards to your specific question, it would support SSL (which no
one should use anymore) and all versions of TLS (everyone should be using
at least 1.1)

Thanks,
Joe
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users

[Gluster-users] TLS support

[Yong Zhang]

Hi, all

Does anyone know which ssl protocol glusterfs use? Does glusterfs support TLS? 
Thanks.

___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users