Bug 1459440

Summary: ovn-ctl is not able to specify TLS version used by ovsdb-server [branch]
Product: Red Hat Enterprise Linux 7 Reporter: Dominik Holler <dholler>
Component: openvswitchAssignee: Lance Richardson <lrichard>
Status: CLOSED WONTFIX QA Contact: ovs-qe
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: atragler, lrichard, ovs-qe
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1459438 Environment:
Last Closed: 2017-06-07 20:43:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1459438    
Bug Blocks:    

Description Dominik Holler 2017-06-07 07:28:20 UTC 
This bug is to track the backport to openvswitch/ovs branch-2.7

+++ This bug was initially created as a clone of Bug #1459438 +++

Description of problem:

The allowed TLS versions for OVN Southbound DB and OVN Northbound DB can be set by the command line option --ssl-protocols of ovsdb-server, which hosts the two DBs.
ovsdb-server is started by ovn-ctl.
But it is not possible to pass the command line option --ssl-protocols by  ovn-ctl, so it is not possible to start ovsdb-server with restricted TLS versions.

Version-Release number of selected component (if applicable): 2.7


How reproducible:


Steps to Reproduce:
1. Configure OVN Southbound DB and OVN Northbound DB to use only TLSv1.2
2.
3.

Actual results:

All TLS version are accepted by OVN Southbound DB and OVN Northbound DB, since configuration is not yet possible.

Expected results:

Only TLSv1.2 is accepted by OVN Southbound DB and OVN Northbound DB

Additional info:

https://mail.openvswitch.org/pipermail/ovs-discuss/2017-June/044641.html

--- Additional comment from Red Hat Bugzilla Rules Engine on 2017-06-07 03:20:10 EDT ---

Since this bug report was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Comment 2 Lance Richardson 2017-06-07 20:43:56 UTC 
Closing, using approach here instead:

   https://bugzilla.redhat.com/show_bug.cgi?id=1459441