Magento2: Advanced Reports Not valid cipher method.

Created on 20 Dec 2018  路  8Comments  路  Source: magento/magento2

Preconditions (*)

  1. Magento 2.3.0
  2. PHP 7.2.10
  3. MariaDB 10.1.37

Steps to reproduce (*)

  1. Set cron to generate advanced reports.
  2. or Run advanced reports cron manually

Expected result (*)

  1. [Screenshots, logs or description]
  2. advanced reports csv is generated

Actual result (*)

  1. [Screenshots, logs or description]
  2. Get output "Not valid cipher method."

The issue is due to openssl_get_cipher_list() returning cipher list in lowercase. The cipher being used in advanced reports is hardcoded in uppercase. So array_search does not match the cipher to the list.

/**
     * Cipher method for encryption.
     *
     * @var string
     */
    private $cipherMethod = 'AES-256-CBC';

but when dumping result of method 

private function validateCipherMethod($cipherMethod)
    {
        $methods = openssl_get_cipher_methods();
        return (false !== array_search($cipherMethod, $methods));
    }

openssl_get_cipher_methods() returns list in lowercase.

[02:08 dford@fu mage225] > php72 ~/test.php 
Array
(
    [0] => aes-128-cbc
    [1] => aes-128-cbc-hmac-sha1
    [2] => aes-128-cbc-hmac-sha256
    [3] => aes-128-ccm
    [4] => aes-128-cfb
    [5] => aes-128-cfb1
    [6] => aes-128-cfb8
    [7] => aes-128-ctr
    [8] => aes-128-ecb
    [9] => aes-128-gcm
    [10] => aes-128-ocb
    [11] => aes-128-ofb
    [12] => aes-128-xts
    [13] => aes-192-cbc
    [14] => aes-192-ccm
    [15] => aes-192-cfb
    [16] => aes-192-cfb1
    [17] => aes-192-cfb8
    [18] => aes-192-ctr
    [19] => aes-192-ecb
    [20] => aes-192-gcm
    [21] => aes-192-ocb
    [22] => aes-192-ofb
    [23] => aes-256-cbc
    [24] => aes-256-cbc-hmac-sha1
    [25] => aes-256-cbc-hmac-sha256
    [26] => aes-256-ccm
....

So returns false due to mismatch, either need to use strtoupper() on both or check the return result and change the array_search accordingly. suggest fix below

```
array_search(strtolower($search), array_map('strtolower', $array));

private function validateCipherMethod($cipherMethod)
{
$methods = openssl_get_cipher_methods();
return (false !== array_search(strtolower($cipherMethod), array_map('strtolower', $methods)));
}

Format is valid
Source
picture djfordz

Most helpful comment

@djfordz no problem, as you can see there were no issue, just a pull request :) By the way, you can do the same when code change is obvious.

Thanks for your report! The fix should be available with 2.3.1, until then patch from mentioned PR may be used.

picture orlangur on 20 Dec 2018
👍2

All 8 comments

Hi @djfordz. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

  • [ ] Summary of the issue
  • [ ] Information on your environment
  • [ ] Steps to reproduce
  • [ ] Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me $VERSION instance

where $VERSION is version tags (starting from 2.2.0+) or develop branches (for example: 2.3-develop).
For more details, please, review the Magento Contributor Assistant documentation.

@djfordz do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?

  • [ ] yes
  • [ ] no
magento-engcom-team picture magento-engcom-team on 20 Dec 2018

@magento-engcom-team

yes it is reproducible on vanilla Magento instance

all information has been provided including simple fix.

I can submit pull request if you like.

djfordz picture djfordz on 20 Dec 2018

@magento-engcom-team give me 2.3.0 instance

djfordz picture djfordz on 20 Dec 2018

Hi @djfordz. Thank you for your request. I'm working on Magento 2.3.0 instance for you

magento-engcom-team picture magento-engcom-team on 20 Dec 2018

Hi @djfordz, here is your Magento instance.
Admin access: https://i-19894-2-3-0.instances.magento-community.engineering/admin
Login: admin Password: 123123q
Instance will be terminated in up to 3 hours.

magento-engcom-team picture magento-engcom-team on 20 Dec 2018

Hi @djfordz, this is already fixed in https://github.com/magento/magento2/pull/19104

orlangur picture orlangur on 20 Dec 2018
👍1

@orlangur

thanks, I searched for open issues similar and did not find any. guess I didn't look hard enough.

djfordz picture djfordz on 20 Dec 2018

@djfordz no problem, as you can see there were no issue, just a pull request :) By the way, you can do the same when code change is obvious.

Thanks for your report! The fix should be available with 2.3.1, until then patch from mentioned PR may be used.

orlangur picture orlangur on 20 Dec 2018
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

PushEngineering picture PushEngineering  路  3Comments
andreaskoch picture andreaskoch  路  3Comments
spyrule picture spyrule  路  3Comments
PascalBrouwers picture PascalBrouwers  路  3Comments
gg24 picture gg24  路  3Comments