Open Jo-stfc opened 3 months ago
https://github.com/xrootd/xrootd/issues/2202 is the original issue where this was identified
In the above xrootd issue, this comment seems the most relevant.
The underlying problem seems to be that the xroot "GSI" authentication protocol doesn't support a negotiation of which digest algorithm is used. Therefore, when adopting a new digest algorithm, all services must be updated to versions that support a new digest algorithm before that new algorithm is actually used.
The xrootd software has updated their default algorithm. This places a burden on people using that new version to ensure all their xroot-protocol endpoints have been upgraded.
In this case, xrootd4j should be updated to support sha256, with dCache updated to use a version of xrootd4j with that support.
The problem is (likely) independent of TPC. GSI-based direct access from an xrootd client would (likely) also be affected, if that client is using sha256 by default.
thanks Paul, I'll open a new issue on xrootd4j and link this issue
Hi, back in March I had run into some TPC failures from XRootD 5.6+ to some dcache sites. the error was tracked down to:
org.dcache.xrootd.core.XrootdException: all sender digests are unsupported: [sha256].
sha256 is the new default md algorithm from that version of xrootd and up. Is sha256 already supported in the latest version of dcache? If not could you add support for it?