[ovs-discuss] enforce TLSv1.2 in OVN

Lance Richardson lrichard at redhat.com
Wed Jun 7 12:50:14 UTC 2017


> From: "Dominik Holler" <dholler at redhat.com>
> To: "Lance Richardson" <lrichard at redhat.com>
> Cc: ovs-discuss at openvswitch.org, "Numan Siddique" <nusiddiq at redhat.com>, "Marcin Mirecki" <mmirecki at redhat.com>, "Dan Kenigsberg" <danken at redhat.com>
> Sent: Wednesday, 7 June, 2017 3:48:45 AM
> Subject: Re: enforce TLSv1.2 in OVN
> 
> On Tue, 6 Jun 2017 12:26:21 -0400 (EDT)
> Lance Richardson <lrichard at redhat.com> wrote:
> 

> > I think we'll need to add a new option to ovn-ctl to allow this option
> > to be specified.
> > 
> > I also think we should allow the --ssl-protocols configuration to be
> > stored in the ovsdb database and have support in ovn-nbctl/ovn-sbctl
> > etc. for setting it.

Thinking about this a bit more, I don't think we need to add a new option
to ovn-ctl. SSL key and certificate configuration for OVN nb/sb ovsdb-server
is handled solely through db entries (no command-line option for these in
ovn-ctl), so we should do the same for SSL protocol and cipher configuration.

Regards,

   Lance


