The patch set is actually not that large; it appears to be large because
of a second patch that touches a lot of comments and documentation bits.

Main parts are:

  * Deprecation of TLSv1 and TLSv1.1.
  * Dropping support for OpenSSL 1.1.0 and older to make code cleaner
    and allow adding support for TLSv1.3 without conditional compiling.
  * More secure defaults.
  * Explicit support and configuration of TLSv1.3.

This patch set may not be an exhaustive cleanup of all the deprecated
APIs, so there may be some follow-ups if new ones are discovered.

Ilya Maximets (10):
  stream-ssl: Deprecate and disable TLSv1 and TLSv1.1.
  treewide: Refer to SSL configuration as SSL/TLS.
  stream-ssl: Drop support for OpenSSL 1.1.0 and older.
  stream-ssl: Support protocol ranges.
  stream-ssl: Remove use of deprecated SSLv23_method.
  m4: Fix check for Python 3.6 version.
  python: Require Python 3.7 for ssl.TLSVersion.
  ovs-pki: Use 3072-bit keys by default and drop 1024-bit ones.
  stream-ssl: Use DEFAULT:@SECLEVEL=2 cipher list by default.
  stream-ssl: Add explicit support for configuring TLSv1.3.

 Documentation/howto/ssl.rst               |  83 +++++----
 Documentation/intro/install/general.rst   |  10 +-
 Documentation/intro/install/rhel.rst      |   8 +-
 Documentation/intro/install/windows.rst   |   2 +-
 Documentation/ref/ovsdb.7.rst             |   8 +-
 NEWS                                      |  17 ++
 build-aux/generate-dhparams-c             |   6 -
 debian/openvswitch-testcontroller.default |   8 +-
 lib/dhparams.c                            |   6 -
 lib/reconnect.c                           |   2 +-
 lib/ssl-bootstrap.man                     |  14 +-
 lib/ssl-bootstrap.xml                     |  14 +-
 lib/ssl-connect-syn.man                   |   4 +-
 lib/ssl-connect.man                       |  28 ++-
 lib/ssl-peer-ca-cert.man                  |   6 +-
 lib/ssl-peer-ca-cert.xml                  |   6 +-
 lib/ssl.man                               |  11 +-
 lib/ssl.xml                               |  10 +-
 lib/stream-nossl.c                        |  20 +-
 lib/stream-ssl.c                          | 217 +++++++++++++---------
 lib/stream-ssl.h                          |  11 +-
 lib/stream.c                              |  17 +-
 lib/vconn.c                               |   6 +-
 m4/openvswitch.m4                         |  30 +--
 ovsdb/local-config.xml                    |  19 +-
 ovsdb/ovsdb-client.1.in                   |   2 +-
 ovsdb/ovsdb-server.c                      |  13 +-
 python/ovs/reconnect.py                   |   2 +-
 python/ovs/stream.py                      |  18 +-
 python/setup.py.template                  |   2 +-
 tests/atlocal.in                          |   1 -
 tests/ofproto-macros.at                   |   2 +-
 tests/ovs-vsctl.at                        |   1 -
 tests/ovsdb-idl.at                        |  10 +-
 tests/ovsdb-server.at                     | 147 +++++++++------
 tests/test-ovsdb.py                       |   4 +-
 utilities/ovs-ofctl.8.in                  |   4 +-
 utilities/ovs-pki.in                      |   8 +-
 utilities/ovs-vsctl.8.in                  |  28 +--
 utilities/ovs-vsctl.c                     |  10 +-
 vswitchd/bridge.c                         |   5 +-
 vswitchd/vswitch.xml                      |  44 ++---
 vtep/vtep.xml                             |  18 +-
 43 files changed, 495 insertions(+), 387 deletions(-)

-- 
2.47.0

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev