Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1301024

Summary: RFE: secure data transport between serial console proxy and QEMU server
Product: Red Hat OpenStack Reporter: Daniel Berrangé <berrange>
Component: openstack-novaAssignee: OSP DFG:Compute <osp-dfg-compute>
Status: CLOSED DUPLICATE QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0 (Kilo)CC: dasmith, eglynn, kchamart, lyarwood, mbooth, mschuppe, mzhan, owalsh, sbauza, sgordon, srevivo, vromanso
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-10 06:40:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1293719, 1300776, 1645954    
Bug Blocks:    

Description Daniel Berrangé 2016-01-22 11:08:36 UTC 
Description of problem:
The Nova serial console proxy communicates to the QEMU server over an plain text TCP channel. This allows any client with access to the management network to connect to any QEMU console with no authentication, or MITM any existing connections. As a step towards securing the management network this needs to be replaced with a TLS encryption and x509 certificate validation of clients.
Comment 4 Martin Schuppert 2019-10-10 06:40:15 UTC 
Closing as duplicate of BZ1645954. This will be part of the other BZ when implemented.

*** This bug has been marked as a duplicate of bug 1645954 ***