cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Tutkowski <mike.tutkow...@solidfire.com>
Subject Re: systemvm java 7
Date Wed, 28 Jan 2015 06:03:46 GMT
Interesting...it seems like we should be able to do something on the MS
side, too, to detect such a hung thread, kill it, and create a new one.

On Tue, Jan 27, 2015 at 10:56 PM, Marcus <shadowsor@gmail.com> wrote:

> Indeed. I thought so, but I tried installing it and didn't get it to
> work. I guess I didn't try right because I eventually got it going.
>
> There's been a fix committed to 4.3 for the SSL "poodle" attack,
> however, the fix in its current version seems to require java 7 for
> TLSv1.2, even if the binaries are compiled for java 6.
>
> So basically if we roll another 4.3 release including this poodle
> patch we will also need to provide a new system vm template. It's
> particularly nasty, as the system vm's agent connects to the mgmt
> server, fails to negotiate TLSv1.2 due to missing support, and leaves
> the mgmt server's agent thread hanging, waiting for timeout. it
> effectively DDoS's the mgmt server into not allowing any hypervisors
> to connect.
>
> On Tue, Jan 27, 2015 at 6:34 PM, Mike Tutkowski
> <mike.tutkowski@solidfire.com> wrote:
> > I think the 4.4 system VM templates use Java 7.
> >
> > On Tuesday, January 27, 2015, Marcus <shadowsor@gmail.com> wrote:
> >
> >> Anyone know if there's a systemvm version shipping with java 7? Is 4.4
> >> systemvm supposed to have it (since the release notes say java 1.7)?
> >>
> >
> >
> > --
> > *Mike Tutkowski*
> > *Senior CloudStack Developer, SolidFire Inc.*
> > e: mike.tutkowski@solidfire.com
> > o: 303.746.7302
> > Advancing the way the world uses the cloud
> > <http://solidfire.com/solution/overview/?video=play>*™*
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkowski@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message