Red Hat Bugzilla – Bug 1459441
Store allowed TLS versions in the ovsdb database and have support in ovn-nbctl/ovn-sbctl etc. [master]
Last modified: 2017-09-28 05:50:51 EDT
Description of problem:
ovn-nbctl/ovn-sbctl etc. can be used to store most ssl options, e.g. "--private-key" and "--certificate", in the ovsdb database. But it is not possible to store the option "--ssl-protocols" in the ovsdb database.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Use ovn-nbctl and ovn-sbctl to store the allowed TLS version TLSv1.2 in the database
All TLS versions are accepted by OVN Southbound DB and OVN Northbound DB, since configuration is not yet possible.
Only TLSv1.2 is accepted by OVN Southbound DB and OVN Northbound DB
*** Bug 1459442 has been marked as a duplicate of this bug. ***
Outline of work:
- Add new columns ssl_protocols and ssl_ciphers to SSL tables in OVN_Northbound and OVN_Southbound db schemas.
- Modify ovn-ctl to start nb/sb ovsdb-server with command-line options to take SSL protocol/cipher configuration from db.
- Modify ovn-nbctl and ovn-sbctl "set-ssl" commands to take optional parameters to specify the SSL protocols and SSL ciphers that should
- Update documentation.
This will be available in Open vSwitch version 2.8.
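Once the ssl_protocols column from the outline above exists, the stored restriction can be audited from the `list SSL` output. The script below is an added example, not code from this bug report or from the Open vSwitch project; the function name `check_ssl_protocols`, the file paths and the sample rows are constructed for illustration, and it assumes the usual `column : "value"` layout of `ovn-nbctl list` output.

```shell
#!/bin/sh
# Added example: audit the TLS restriction stored in an OVN SSL row.
# Live use (assumption: OVN 2.8+ tools installed; paths are placeholders):
#   ovn-nbctl set-ssl /path/key.pem /path/cert.pem /path/cacert.pem TLSv1.2
#   ovn-nbctl list SSL | check_ssl_protocols TLSv1.2

# Constructed sample rows in "list SSL" layout (not from a real deployment).
SAMPLE_DEFAULT='private_key         : "/path/key.pem"
ssl_ciphers         : ""
ssl_protocols       : ""'
SAMPLE_RESTRICTED='private_key         : "/path/key.pem"
ssl_ciphers         : "HIGH:!aNULL:!MD5"
ssl_protocols       : "TLSv1.2"'
SAMPLE_MIXED='private_key         : "/path/key.pem"
ssl_protocols       : "TLSv1,TLSv1.2"'

# check_ssl_protocols ALLOWED_CSV
# Reads an SSL row on stdin, prints one finding, and returns:
#   0 = ssl_protocols is set and every entry is in ALLOWED_CSV
#   1 = column empty or missing (no restriction stored)
#   2 = at least one stored protocol is outside ALLOWED_CSV
check_ssl_protocols() {
    allowed=",$1,"
    # Pull the ssl_protocols value and strip the quotes and spaces.
    value=$(sed -n 's/^ssl_protocols[[:space:]]*:[[:space:]]*//p' |
            tr -d '" ' | head -n 1)
    if [ -z "$value" ]; then
        echo "UNRESTRICTED: ssl_protocols not set"
        return 1
    fi
    for proto in $(printf '%s' "$value" | tr ',' ' '); do
        case "$allowed" in
            *",$proto,"*) ;;                      # explicitly allowed
            *) echo "WEAK: $proto is enabled"; return 2 ;;
        esac
    done
    echo "OK: $value"
    return 0
}

# Run the audit over the three constructed rows.
for row in "$SAMPLE_DEFAULT" "$SAMPLE_RESTRICTED" "$SAMPLE_MIXED"; do
    printf '%s\n' "$row" | check_ssl_protocols TLSv1.2 || true
done
```

The same check applies to the southbound database by piping `ovn-sbctl list SSL` into the function.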
Author: Lance Richardson <firstname.lastname@example.org>
Date: Wed Jun 7 13:35:20 2017 -0400
ovn: ssl proto/cipher configuration in nb/sb db
Add SSL protocol and cipher columns to SSL tables in northbound
and southbound databases. Start nb/sb ovsdb-server with command-
line options to use these columns. Add support to ovn-nbctl
and ovn-sbctl "set-ssl" commands for user-friendly management
of these settings.
Signed-off-by: Lance Richardson <email@example.com>
Signed-off-by: Ben Pfaff <firstname.lastname@example.org>
Upstream commit is contained in master and 2.8 branches, released in version