Public bug reported: This report is based on Bandit scanner results.
On https://git.openstack.org/cgit/openstack/nova/tree/nova/console/rfb/authvencrypt.py?h=refs/heads/master#n137 137 wrapped_sock = ssl.wrap_socket( wrap_socket is used without ssl_version that means SSLv23 by default. As server part (QEMU) is based on gnutls supporting all modern TLS versions it is possible to use stricter tls version on the client (TLSv1.2). Another option is to make this param configurable. ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1771773 Title: Ssl2/3 should not be used for secure VNC access Status in OpenStack Compute (nova): New Bug description: This report is based on Bandit scanner results. On https://git.openstack.org/cgit/openstack/nova/tree/nova/console/rfb/authvencrypt.py?h=refs/heads/master#n137 137 wrapped_sock = ssl.wrap_socket( wrap_socket is used without ssl_version that means SSLv23 by default. As server part (QEMU) is based on gnutls supporting all modern TLS versions it is possible to use stricter tls version on the client (TLSv1.2). Another option is to make this param configurable. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1771773/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
