
Re: sslv3 alert handshake failure when user attempts to log

Posted: Thu Jun 08, 2017 11:39 am
by jburel
Hi Jacques

I managed to reproduce the issue. That's a start!!
I will do further investigation

Cheers
Jmarie

Re: sslv3 alert handshake failure when user attempts to log

Posted: Thu Jun 08, 2017 12:27 pm
by jacques2020
Hi Jean-Marie,
Great. Thanks for investigating.
So I keep my install and will rather make a backup server elsewhere.
Cheers
Jacques

Re: sslv3 alert handshake failure when user attempts to log

Posted: Sat Jun 10, 2017 6:16 pm
by jburel
Hi Jacques

I did a bit of digging
Debian 9 will come with OpenSSL 1.1.0
and ADH ciphers are no longer available
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
Those ciphers are "used" in https://github.com/openmicroscopy/openm ... s.xml#L478
I have tried various options but so far nothing has worked
A downgrade to openssl 1.0.2k did not help either
An option could be to enable weaker ciphers but this is not ideal

So far not a positive outcome.

Cheers

Jmarie

Re: sslv3 alert handshake failure when user attempts to log

Posted: Mon Jun 12, 2017 6:25 am
by jacques2020
Dear Jean-Marie,

Thank you so much.
I preserve the server and will be able to test any fix.
In the meantime I set up a backup server using 5.2.7 to be able to wait.
Cheers

Jacques

Re: sslv3 alert handshake failure when user attempts to log

Posted: Wed Jun 14, 2017 3:23 pm
by carandraug
jburel wrote:
Hi Jacques
Debian 9 will come with OpenSSL 1.1.0
and ADH ciphers are no longer available
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
Those ciphers are "used" in https://github.com/openmicroscopy/openm ... s.xml#L478
I have tried various options but so far nothing has worked
A downgrade to openssl 1.0.2k did not help either


The removed cyphers were 'aDH' and not 'ADH'. The 'ADH' cyphers are still present in OpenSSL 1.1.0 and in Debian 9:

Code:
$ cat /etc/debian_version
9.0
$ openssl version
OpenSSL 1.1.0f  25 May 2017
$ openssl ciphers ADH
ADH-AES256-GCM-SHA384:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA
$ openssl ciphers aDH
Error in cipher list
140255844652288:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2018:

Re: sslv3 alert handshake failure when user attempts to log

Posted: Wed Jun 14, 2017 3:48 pm
by jburel
My mistake, I misread the page,
but we still have an issue connecting.
This requires further investigation.
If you have time to help, that will be great.

Cheers
jmarie

Re: sslv3 alert handshake failure when user attempts to log

Posted: Wed Jun 14, 2017 3:58 pm
by carandraug
jacques2020 wrote:
To complete my answer:
PS: If the debugging appears too complex, let me know. I can also bring everything back to 5.2.7 and wait for a few months it meant to be solved (I have backups). The only issue that pushed me to upgrade is that cleanse is not working on 5.2.7 so we accumulate data without being able to clean them up.


Note that if you don't run cleanse, data should still not accumulate. cleanse is only needed if there was an issue with the system that prevented the file from being removed (there is a page on the docs that says otherwise but seems to be incorrect). See http://lists.openmicroscopy.org.uk/pipe ... 06520.html

Re: sslv3 alert handshake failure when user attempts to log

Posted: Wed Jun 14, 2017 6:52 pm
by jburel
Hi
For clarification,
the ADH ciphers will be in the list of ciphers but if you execute for example
Code:
openssl s_client -cipher "$cipher" -connect localhost:4064

where $cipher is any ADH cipher, an error will be returned indicating "no ciphers available".
This is obviously not the case in previous versions.
We will have to find what is the correct value to specify.

Cheers
Jmarie
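
Added example, not part of the original post or of the OMERO project: a small script that runs the s_client check above for every suite that `openssl ciphers` lists, and separates a client-side refusal ("no ciphers available") from a server-side one ("alert handshake failure", as in the thread title). The function names and the OK/CLIENT_REFUSED/SERVER_REFUSED/OTHER labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: listed-versus-usable check for a cipher spec such as ADH.
# Usage: sh probe.sh ADH localhost 4064   (file name is hypothetical)
# Note: on OpenSSL 1.1.1 and later, -cipher does not restrict TLS 1.3 suites.

# Classify one s_client attempt from its exit status and captured output.
classify() {  # $1 = exit status, $2 = combined stdout/stderr
    if [ "$1" -eq 0 ]; then
        echo OK
        return
    fi
    case "$2" in
        # The local library rejected the suite before sending anything.
        *"no ciphers available"*)    echo CLIENT_REFUSED ;;
        # The peer answered the ClientHello with a fatal alert.
        *"alert handshake failure"*) echo SERVER_REFUSED ;;
        # Connection refused, timeout, unknown suite name, ...
        *)                           echo OTHER ;;
    esac
}

# Try each suite that "openssl ciphers <spec>" lists against host:port.
probe_ciphers() {  # $1 = cipher spec, $2 = host, $3 = port
    list=$(openssl ciphers "$1") || return 1
    old_ifs=$IFS
    IFS=:
    for c in $list; do
        IFS=$old_ifs
        # stdin from /dev/null makes s_client exit right after the handshake.
        if out=$(openssl s_client -cipher "$c" -connect "$2:$3" </dev/null 2>&1); then
            rc=0
        else
            rc=$?
        fi
        printf '%s %s\n' "$c" "$(classify "$rc" "$out")"
    done
    IFS=$old_ifs
}

# Run only when spec, host and port are given on the command line.
if [ "$#" -eq 3 ]; then
    probe_ciphers "$1" "$2" "$3"
fi
```

A suite reported as CLIENT_REFUSED never left the client, so the server configuration was not exercised for it; SERVER_REFUSED means the ClientHello was sent and the peer rejected it.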

Re: sslv3 alert handshake failure when user attempts to log

Posted: Thu Jun 15, 2017 6:06 am
by jacques2020
Dear Jean-Marie,

Thank you so much for all these detailed indications. No problem to give a hand in fixing this issue although I cannot promise a lot of time... (I have a team to lead and no computer engineer or tech unfortunately).

Cheers

Jacques

Re: sslv3 alert handshake failure when user attempts to log

Posted: Thu Jun 15, 2017 9:06 am
by mtbc
cleanse is not working on 5.2.7
- it isn't? I hadn't realized. Not to hijack this thread but can you point me to a bug report? Maybe I can investigate.

Cheers,
Mark