On Tue, Jun 9, 2020 at 10:23 AM Paul-Erik Törrönen <pol...@poltsi.fi> wrote:
> On 2020-06-08 08:58, Yedidyah Bar David wrote:
> > I agree it's not detailed enough.
> > We have it briefly mentioned e.g. here:
> > https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_cockpit_web_interface/#host-firewall-requirements_SHE_cockpit_deploy
> > For some reason it's marked "Optional", not sure why.
> I think it should also be pointed out that only certain keys are
> supported.
> You can't eg. have a ed25519-only setup as the installation tries to use
> RSA.

Thanks for this comment. Added a note for you on Wart's bug 1845271.

Do you think this is a significant limitation?

In theory, it should not be too hard to make the engine's PKI code
more flexible, allowing configuring it to use whatever algorithms
both openssl/m2crypto and Java support, but in reality this was never
requested. Only relevant change I recall was the request to change
from hash algo SHA1 to SHA256, several years ago (which we did, then,
unconditionally, still hardcoding sha256 in several places).

Thanks and best regards,
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
List Archives: 

Reply via email to