From 39ae78ea78c52f3e1edf8f4bf5d9274d625df9b0 Mon Sep 17 00:00:00 2001 From: Julian Hniopek Date: Fri, 12 May 2023 17:06:58 +0200 Subject: [PATCH 1/2] Add reference to DH-key exchange issues and potential solution to README Add documentation on problematic Diffie-Helman Key Exchanges and how to to disable their advertisement using the correct environment variable. This is (one) solution to prevent connection issues with omero-py>=5.13.0 to an OMERO.server running on Docker using this image --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 834c1c62..07b02b1b 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,14 @@ This example uses the default `postgres` system database for convenience, in pra -p 4063:4063 -p 4064:4064 \ openmicroscopy/omero-server +Since the Docker container is based on CentOS7, there might be problems when connecting with clients which require high standards for the Diffie-Hellman +key exchange algorithms for secure communication with the OMERO server. While this key-exchange algorithm is disabled on the OMERO side, if it is +advertised it can lead to client errors (e.g. omero-py>=5.13.0), which will fail to connect to OMERO because of a dh-key error. To prevent this, +it might be necessary to remove Diffie-Hellmann key exchange from the IceSSL configuration. This can be done by adding the following line to the +`docker run` command or setting the environment variable in the compose file or a configuration file (see below!): + + -e CONFIG_omero_glacier2_iceSSL_Ciphers="HIGH:!DH" + Configuration variables ----------------------- @@ -90,3 +98,5 @@ Running without links --------------------- As an alternative to running with `--link` the address of the database can be specified using the variable `CONFIG_omero_db_host` + + From 257a42bcacdcac2681c78e2dc992fb224242792c Mon Sep 17 00:00:00 2001 
From: Julian Hniopek Date: Fri, 12 May 2023 17:10:38 +0200 Subject: [PATCH 2/2] Revert erroneous whitespace changes --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 07b02b1b..0bc9bd4b 100644 --- a/README.md +++ b/README.md @@ -98,5 +98,3 @@ Running without links --------------------- As an alternative to running with `--link` the address of the database can be specified using the variable `CONFIG_omero_db_host` - -
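Review bot: In PATCH 1/2, hunk `@@ -33,6 +33,14 @@`, the example variable is spelled `CONFIG_omero_glacier2_iceSSL_Ciphers` while the paragraph directly above it calls the component "IceSSL". If the property name derived from the variable is case-sensitive, a lowercase `iceSSL` key would be accepted without changing the advertised ciphers, and the client error would persist with no hint why. Please confirm the exact casing against the server's property name and make the prose and the example agree. In the same hunk, "Diffie-Hellmann" should read "Diffie-Hellman", "(see below!)" should name the "Configuration variables" section it points to, and one sentence on what `HIGH:!DH` leaves enabled would tell readers what they are trading off when they apply it.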
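Review bot: In PATCH 1/2, hunk `@@ -90,3 +98,5 @@`, the two blank lines appended after the `CONFIG_omero_db_host` paragraph are unrelated to the key-exchange documentation, and PATCH 2/2 exists only to delete them again. Suggest squashing 2/2 into 1/2 so the series is a single commit that touches only the new paragraph.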