[SRU] TLS is not enabled for memcached>=1.5.13
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
memcached (Ubuntu) | Fix Released | Wishlist | Unassigned | |
Focal | Fix Released | Wishlist | Unassigned | |
Bug Description
[Impact]
TLS enablement allows Memcached both to encrypt cached data on the wire and to provide authentication of clients and servers according to the specified TLS configuration.
TLS is a feature enabled via configuration or command-line arguments, therefore existing deployments of Memcached will not be affected and will continue to work as expected. Such deployments would then have the choice to opt in to TLS usage by providing the extra TLS configuration.
TLS support is required to safely run Memcached on cloud environments where the user does not have total control over the network.
According to [1], support for TLS was added in version 1.5.13 while Focal ships 1.5.22. The feature is just not enabled during compile time.
[Test Case]
$ apt install memcached
$ memcached -Z -v
Error loading the certificate chain: (null)
That is enough to check if TLS capabilities are enabled in Memcached.
[Regression Potential]
Enabling TLS as an SRU will introduce a new protocol in certain environments. This may be problematic for a small number of users, but the benefit of having TLS enabled greatly outweighs that.
From an update point of view, this only enables the capability to run Memcached with TLS, and as this is an opt-in feature, services that do not choose to opt in should stay the same.
[Fix]
This simply needs --enable-tls passed to the configure script to enable TLS. The change has been reviewed and accepted by Debian and sync'd to Ubuntu groovy. The upstream commit is https:/
[Discussion]
[Original Report]
At OpenStack we use Ubuntu (currently 20.04) in our CI jobs.
There is a current demand for TLS enablement in order to be able to cache sensitive information such as access tokens.
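The [Test Case] probe above can be turned into a gate for a CI image or a post-upgrade check. The function below is an added example, not part of the bug report or the package: it runs `memcached -Z -v` and classifies the result. The "tls-enabled" match is the output quoted in the report; the "not built with TLS support" wording for builds without `--enable-tls` is an assumption, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: classify a memcached binary using the [Test Case] probe.
# Prints tls-enabled, tls-missing or unknown; returns 0, 1 or 2 accordingly.
memcached_tls_status() {
    bin=${1:-memcached}
    command -v "$bin" >/dev/null 2>&1 || { echo unknown; return 2; }

    # The probe is expected to exit with an error either way. Bound the run
    # with timeout (when available) in case the binary starts serving instead.
    if command -v timeout >/dev/null 2>&1; then
        out=$(timeout 5 "$bin" -Z -v 2>&1 </dev/null) || true
    else
        out=$("$bin" -Z -v 2>&1 </dev/null) || true
    fi

    case $out in
        *"Error loading the certificate chain"*)
            # Output shown in the report: the TLS code path ran and
            # stopped only because no certificate was configured.
            echo tls-enabled; return 0 ;;
        *"not built with TLS support"*)
            # Assumption: message printed by builds configured
            # without --enable-tls when -Z is passed.
            echo tls-missing; return 1 ;;
        *)
            # Anything else (for example a privilege or usage error)
            # is not evidence in either direction.
            echo unknown; return 2 ;;
    esac
}
```

A job that needs to cache sensitive data such as access tokens can call `memcached_tls_status /usr/bin/memcached` and fail early on any non-zero return, rather than silently falling back to plaintext.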
Related branches
- Bryce Harrington (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Canonical Server: Pending requested
- Christian Ehrhardt: Pending requested
- Diff: 55 lines (+16/-1), 3 files modified: debian/changelog (+12/-0), debian/control (+3/-0), debian/rules (+1/-1)
- Christian Ehrhardt (community): Needs Fixing
- Moisés Guimarães de Medeiros: Pending requested
- Canonical Server: Pending requested
- Canonical Server Core Reviewers: Pending requested
- Diff: 62 lines (+17/-1), 3 files modified: debian/changelog (+9/-0), debian/control (+3/-0), debian/rules (+5/-1)
Changed in memcached (Ubuntu):
importance: Undecided → Wishlist
Changed in memcached (Ubuntu Focal):
importance: Undecided → Wishlist
tags: added: server-triage-discuss
tags: removed: server-triage-discuss
description: updated
Changed in memcached (Ubuntu Focal):
status: New → Triaged
summary:
- TLS is not enabled for memcached>=1.5.13
+ [SRU] TLS is not enabled for memcached>=1.5.13
description: updated
Hi @Bryce,
Is there anything I can do to help push this forward, like patches or attending open meetings?