Firewall issue connecting to DIRAC client #5539
-
Dear all, We have CTA users from a particular institute in France that are not able to use the dirac client because of the firewall rules at their institute.
After some investigations their admins found that at least one packet to ccdcta-server04.in2p3.fr:9135 (which is one of our DIRAC servers) was blocked because it was identified as a memory corruption vulnerability, see: We were referred to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334 and asked which version if any of GnuTLS is used on the client and server sides. Also I've been asked if our servers are exposed to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334 Personally, I have no idea, but I've asked informations to the admins at CC-IN2P3, where our servers are hosted. Do you have any idea about this issue? Any help would be very much appreciated. Cheers, Luisa |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Hi Luisa, |
Beta Was this translation helpful? Give feedback.
-
See, if that had been on google groups, I would have seen it :-P |
Beta Was this translation helpful? Give feedback.
See, if that had been on google groups, I would have seen it :-P
To quote Simon F (from January 2020):
"As far as I can remember the less common client certificate flags in
the SSL handshake used by grid software occasionally causes the traffic to
be flagged as weird/old versions of the SSL libraries when it isn't really."