RHV should have end to end VNC encryption for accessing its VMs via VNC. It is possible to enable tls in qemu vnc server[1], but RHV does not use it and does not expose this option to the user via RHV portals. How this request should be implemented: - Provide "Enable TLS" option for VM console when VNC is chosen. - If "Enable TLS" is selected, once VNC connection is established, it should be encrypted end to end, from client to the host. [1] https://wiki.libvirt.org/page/VNCTLSSetup
Re-targeting to 4.3.1 since it is missing a patch, an acked blocker flag, or both
WARN: Bug status (ON_QA) wasn't changed but the folowing should be fixed: [Found non-acked flags: '{'rhevm-4.3-ga': '?'}', ] For more info please contact: rhv-devops: Bug status (ON_QA) wasn't changed but the folowing should be fixed: [Found non-acked flags: '{'rhevm-4.3-ga': '?'}', ] For more info please contact: rhv-devops
Verified on: ovirt-engine-4.3.2-0.1.el7.noarch Steps: 1. Add a new cluster / Change existing cluster to VNC encrypted. 2. Install a host in the cluster, check vnc_tls=1 in the /etc/libvirt/qemu.conf file. 3. Create a VM in the cluster. 4. Edit the VM to VNC console. 5. Start the VM. 6. Invoke a console to the VM. Using tigerVNC, a connection is established and it is encrypted.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:1085