Hi Andreas...
The openssl issue in sl6 distribution is already known.
Please check the following GGUS tickets
https://ggus.eu/ws/ticket_info.php?ticket=99406
https://ggus.eu/ws/ticket_info.php?ticket=99398
Cheers
Goncalo
On 12/12/2013 12:59 PM, Andreas Haupt wrote:
> Dear all,
>
> at first a warning: the latest SL6 openssl security update
> (openssl-1.0.1e-16.el6_5) refuses to work with 512-bit proxies. The
> gridftp server on e.g. the cream node rejects requests afterwards. The
> error message looks like this:
>
> error: globus_ftp_control: gss_init_sec_context failed
> globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
> OpenSSL Error: s3_clnt.c:2985: in library: SSL routines, function SSL3_SEND_CLIENT_VERIFY: EVP lib
> OpenSSL Error: rsa_sign.c:127: in library: rsa routines, function RSA_sign: digest too big for rsa key
>
> During the investigation I found out that e.g. glite-ce-job-submit from
> the EMI-2 UI (I don't have a EMI-3 UI here to check), produces 512-bit
> delegation proxies by default when used with the '-a' switch. Is this a
> known issue? Do I have a chance to overwrite the default key length for
> the delegation proxies?
>
> Cheers,
> Andreas
|