On Tue, Jun 9, 2020 at 10:23 AM Paul-Erik Törrönen <pol...@poltsi.fi> wrote: > > On 2020-06-08 08:58, Yedidyah Bar David wrote: > > I agree it's not detailed enough. > > We have it briefly mentioned e.g. here: > > https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_cockpit_web_interface/#host-firewall-requirements_SHE_cockpit_deploy > > For some reason it's marked "Optional", not sure why. > > I think it should also be pointed out that only certain keys are > supported. > > You can't eg. have a ed25519-only setup as the installation tries to use > RSA.
Thanks for this comment. Added a note for you on Wart's bug 1845271. Do you think this is a significant limitation? In theory, it should not be too hard to make the engine's PKI code more flexible, allowing configuring it to use whatever algorithms both openssl/m2crypto and Java support, but in reality this was never requested. Only relevant change I recall was the request to change from hash algo SHA1 to SHA256, several years ago (which we did, then, unconditionally, still hardcoding sha256 in several places). Thanks and best regards, -- Didi _______________________________________________ Users mailing list -- firstname.lastname@example.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://email@example.com/message/KHCN2AKH7RYQKIMZE7AGYZDOQH4P3FMQ/