> From: "Dominik Holler" <[email protected]> > To: "Lance Richardson" <[email protected]> > Cc: [email protected], "Numan Siddique" <[email protected]>, > "Marcin Mirecki" <[email protected]>, "Dan > Kenigsberg" <[email protected]> > Sent: Wednesday, 7 June, 2017 3:48:45 AM > Subject: Re: enforce TLSv1.2 in OVN > > On Tue, 6 Jun 2017 12:26:21 -0400 (EDT) > Lance Richardson <[email protected]> wrote: >
> > I think we'll need to add a new option to ovn-ctl to allow this option > > to be specified. > > > > I also think we should allow the --ssl-protocols configuration to be > > stored in the ovsdb database and have support in ovn-nbctl/ovn-sbctl > > etc. for setting it. Thinking about this a bit more, I don't think we need to add a new option to ovn-ctl. SSL key and certificate configuration for OVN nb/sb ovsdb-server is handled solely through db entries (no command-line option for these in ovn-ctl), so we should do the same for SSL protocol and cipher configuration. Regards, Lance _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
