1301024 – RFE: secure data transport between serial console proxy and QEMU server

Bug 1301024 - RFE: secure data transport between serial console proxy and QEMU server

Summary: RFE: secure data transport between serial console proxy and QEMU server

Keywords:
Status:	CLOSED DUPLICATE of bug 1645954
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova
Sub Component:
Version:	7.0 (Kilo)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	nova-maint
QA Contact:	nova-maint
Docs Contact:
URL:
Whiteboard:
Depends On:	1293719 1300776 1645954
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-22 11:08 UTC by Daniel Berrangé
Modified:	2019-10-10 06:40 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-10 06:40:15 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Daniel Berrangé 2016-01-22 11:08:36 UTC

Description of problem:
The Nova serial console proxy communicates to the QEMU server over an plain text TCP channel. This allows any client with access to the management network to connect to any QEMU console with no authentication, or MITM any existing connections. As a step towards securing the management network this needs to be replaced with a TLS encryption and x509 certificate validation of clients.

Comment 4 Martin Schuppert 2019-10-10 06:40:15 UTC

Closing as duplicate of BZ1645954. This will be part of the other BZ when implemented.

*** This bug has been marked as a duplicate of bug 1645954 ***

Note You need to log in before you can comment on or make changes to this bug.