Bug 1086964 - [RFE][nova]: Generic Framework for Securing VNC and SPICE Proxy-To-Compute-Node Connections
Summary: [RFE][nova]: Generic Framework for Securing VNC and SPICE Proxy-To-Compute-No...
Status: CLOSED DUPLICATE of bug 1025429
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: Upstream M2
: 14.0 (Rocky)
Assignee: Eoghan Glynn
QA Contact: Prasanth Anbalagan
URL: https://blueprints.launchpad.net/nova...
Whiteboard: upstream_milestone_none upstream_defi...
Depends On:
TreeView+ depends on / blocked
Reported: 2014-04-12 04:04 UTC by RHOS Integration
Modified: 2020-06-11 12:36 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1449307 (view as bug list)
Last Closed: 2017-10-06 13:54:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description RHOS Integration 2014-04-12 04:04:29 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/websocket-proxy-to-host-security.


Currently, while the noVNC and HTML5 SPICE clients can use TLS-encrypted
WebSockets to communicate with Websockify (and authenticate with Nova console
tokens), the encryption and authentication ends there.  There are neither
encryption nor authentication between Websockify and the hypervisors'
VNC and SPICE servers.

This blueprint would propose introducing a generic framework for supporting
MITM security for Websockify to use between itself and the compute nodes.

Specification URL (additional information):


Comment 2 Red Hat Bugzilla Rules Engine 2017-04-20 12:42:19 UTC
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.

Comment 5 Stephen Finucane 2017-10-06 13:54:51 UTC

*** This bug has been marked as a duplicate of bug 1025429 ***

Note You need to log in before you can comment on or make changes to this bug.