settingsLogin | Registersettings

[openstack-dev] [nova] About use oslo_service in nova and fix for OSSN-0039

0 votes

In, it's
requested that SSL/TLS library (OpenSSL in this case) is compiled without
SSLv3 ,
our internal discussion from some security experts suggested
we need add some code to
maybe something like: dupsocket = eventlet.wrapssl
(dupsocket, sslversion=ssl.PROTOCOLTLSv12,
so that nova client only requests TLSv1_2

         so the question is

1) why nova didn't use oslo service, so we can honor some options like
following while seems nova don't have?

2) is there a existing requirement to nova (and maybe other projects) on
OSSN 0039 in addition to recompile ssl library?

Best Regards!

Kevin (Chen) Ji 纪 晨

Engineer, zVM Development, CSTL
Notes: Chen CH Ji/China/IBM@IBMCN Internet:
Phone: +86-10-82451493
Address: 3/F Ring Building, ZhongGuanCun Software Park, Haidian District,
Beijing 100193, PRC

OpenStack Development Mailing List (not for usage questions)
asked Apr 21, 2017 in openstack-dev by Chen_CH_Ji (3,540 points)   4 8