On Thu, Nov 08, 2012 at 07:01:45AM +0900, OHMURA Kei wrote:
> 2012/11/7 FUJITA Tomonori <fujita.tomon...@lab.ntt.co.jp>:
> > On Wed, 7 Nov 2012 21:25:43 +0900
> > OHMURA Kei <ohmura....@lab.ntt.co.jp> wrote:
> >
> >> We should support SSL/TLS to encrypt OF channel. This patch only
> >> support self-signed certificates. (see the "INSTALL.SSL" in Open vSwitch
> >> source code)
> >>
> >> Signed-off-by: OHMURA Kei <ohmura....@lab.ntt.co.jp>
> >> ---
> >> ryu/controller/controller.py | 20 +++++++++++++++++---
> >> 1 file changed, 17 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
> >> index dd5f16b..2953a86 100644
> >> --- a/ryu/controller/controller.py
> >> +++ b/ryu/controller/controller.py
> >> @@ -21,6 +21,7 @@ import gevent
> >> import traceback
> >> import random
> >> import greenlet
> >> +import ssl
> >> from gevent.server import StreamServer
> >> from gevent.queue import Queue
> >>
> >> @@ -42,6 +43,10 @@ FLAGS = gflags.FLAGS
> >> gflags.DEFINE_string('ofp_listen_host', '', 'openflow listen host')
> >> gflags.DEFINE_integer('ofp_tcp_listen_port', ofproto_common.OFP_TCP_PORT,
> >> 'openflow tcp listen port')
> >> +gflags.DEFINE_integer('ofp_ssl_listen_port', ofproto_common.OFP_SSL_PORT,
> >> + 'openflow ssl listen port')
> >> +gflags.DEFINE_string('ctl_privkey', None, 'controller private key')
> >> +gflags.DEFINE_string('ctl_cert', None, 'controller certificate')
> >>
> >>
> >> class OpenFlowController(object):
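Review bot: The new flags cover only the controller's own key and certificate (`ctl_privkey`, `ctl_cert`); there is no flag for a CA certificate, and the visible part of the `StreamServer(...)` call in the next hunk passes no `cert_reqs`/`ca_certs`, so as far as shown the listener encrypts the OpenFlow channel without authenticating the connecting switch. Consider adding a flag such as `gflags.DEFINE_string('ca_certs', None, 'CA certificates used to verify switch certificates')` and passing `cert_reqs=ssl.CERT_REQUIRED, ca_certs=FLAGS.ca_certs` when it is set. The guard in that hunk, `if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:`, tests the two flags differently, so an empty `ctl_cert` value passes it; `if FLAGS.ctl_privkey and FLAGS.ctl_cert:` would treat both the same. That hunk is cut off by the quoted reply, so the rest of `server_loop` is not visible here.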
> >> @@ -54,9 +59,18 @@ class OpenFlowController(object):
> >> self.server_loop()
> >>
> >> def server_loop(self):
> >> - server = StreamServer((FLAGS.ofp_listen_host,
> >> - FLAGS.ofp_tcp_listen_port),
> >> - datapath_connection_factory)
> >> + if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:
> >> + server = StreamServer((FLAGS.ofp_listen_host,
> >> + FLAGS.ofp_ssl_listen_port),
> >> + datapath_connection_factory,
> >> + keyfile=FLAGS.ctl_privkey,
> >> + certfile=FLAGS.ctl_cert,
> >> + ssl_version=ssl.PROTOCOL_TLSv1)
> >
> > Needs to specify the ssl version?
>
> Oops, I forgot to remove it. I confirmed that this patch worked
> correct without specifying it.
Personally I think we should disallow SSLv2 as its broken.