Hello,

We want to ensure that OVN uses only TLSv1.2, but not TLSv1 or TLSv1.1 in our scenario.

There are multiple connections identified to be relevant:
- The tunneling data connection between the hypervisors/chassis, like geneve listening on UDP port 6081.
- The meta data connections:
  - The connections to the OVN Southbound DB, which is hosted by ovsdb-server and listening typically on TCP port 6642. Connections may be initiated by the ovn-controllers and ovn-northd.
  - The connections to the OVN Northbound DB, which is hosted by ovsdb-server and listening typically on TCP port 6641. Connections may be initiated by the Cloud Management System and ovn-northd.

Is it correct that encryption is not supported at all for the tunneling data connection?

For the meta data connections ovsdb-server acts as the server. ovsdb-server has the command line option --ssl-protocols, but I do not understand how to apply this. ovsdb-server seems to be started by ovn-ctl, but I do not recognize a way to utilize ovn-ctl to pass the --ssl-protocols option. How should the --ssl-protocols option be passed to ovsdb-server?

Thanks and regards
Dominik
