Bug 1459442 - Store allowed TLS versions in the ovsdb database and have support in ovn-nbctl/ovn-sbctl etc. [branch]
Store allowed TLS versions in the ovsdb database and have support in ovn-nbct...
Status: CLOSED DUPLICATE of bug 1459441
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openvswitch (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Lance Richardson
ovs-qe@redhat.com
:
Depends On: 1459441
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-07 03:40 EDT by Dominik Holler
Modified: 2017-06-07 08:57 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1459441
Environment:
Last Closed: 2017-06-07 08:57:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dominik Holler 2017-06-07 03:40:14 EDT
This bug is to track the backport to openvswitch/ovs branch-2.7

+++ This bug was initially created as a clone of Bug #1459441 +++

Description of problem:

ovn-nbctl/ovn-sbctl etc. can be used to store most ssl options, e.g. "--private-key" and "--certificate", in the ovsdb database. But it is not possible to store the option "--ssl-protocols" in the ovsdb database.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Use ovn-nbctl and ovn-sbctl to store the allowed TLS version TLSv1.2 in the data base
2.
3.

Actual results:

All TLS version are accepted by OVN Southbound DB and OVN Northbound DB, since configuration is not yet possible.

Expected results:

Only TLSv1.2 is accepted by OVN Southbound DB and OVN Northbound DB

Additional info:

https://mail.openvswitch.org/pipermail/ovs-discuss/2017-June/044641.html

--- Additional comment from Red Hat Bugzilla Rules Engine on 2017-06-07 03:37:56 EDT ---

Since this bug report was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Comment 2 Lance Richardson 2017-06-07 08:57:15 EDT
We don't need separate BZs for upstream/downstream work, closing as a
duplicate of BZ 1459441.

*** This bug has been marked as a duplicate of bug 1459441 ***

Note You need to log in before you can comment on or make changes to this bug.