git://git.onelab.eu
/
sliver-openvswitch.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' of ssh://git.onelab.eu/git/sliver-openvswitch
[sliver-openvswitch.git]
/
INSTALL.SSL
diff --git
a/INSTALL.SSL
b/INSTALL.SSL
index
f322b41
..
061af97
100644
(file)
--- a/
INSTALL.SSL
+++ b/
INSTALL.SSL
@@
-7,8
+7,8
@@
with OpenSSL. SSL support ensures integrity and confidentiality of
the OpenFlow connections, increasing network security.
This file explains how to configure an Open vSwitch to connect to an
the OpenFlow connections, increasing network security.
This file explains how to configure an Open vSwitch to connect to an
-OpenFlow controller over SSL. Refer to INSTALL
.Linux for instructions
-
on
building Open vSwitch with SSL support.
+OpenFlow controller over SSL. Refer to INSTALL
for instructions on
+building Open vSwitch with SSL support.
Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by
RFC 2246, which is very similar to SSL version 3.0. TLSv1 was
Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by
RFC 2246, which is very similar to SSL version 3.0. TLSv1 was
@@
-115,7
+115,7
@@
that contains the PKI structure:
% ovs-pki req+sign ctl controller
ctl-privkey.pem and ctl-cert.pem would need to be copied to the
% ovs-pki req+sign ctl controller
ctl-privkey.pem and ctl-cert.pem would need to be copied to the
-controller for its use at runtime. If you were to use
ovs
-controller,
+controller for its use at runtime. If you were to use
test
-controller,
the simple OpenFlow controller included with Open vSwitch, then the
--private-key and --certificate options, respectively, would point to
these files.
the simple OpenFlow controller included with Open vSwitch, then the
--private-key and --certificate options, respectively, would point to
these files.
@@
-306,10
+306,6
@@
After you have added all of these configuration keys, you may specify
"tcp:" connection methods are still allowed even after SSL has been
configured, so for security you should use only "ssl:" connections.
"tcp:" connection methods are still allowed even after SSL has been
configured, so for security you should use only "ssl:" connections.
-Unlike most Open vSwitch settings, the SSL settings are read only
-once, at ovs-vswitchd startup time. For changes to take effect,
-ovs-vswitchd must be killed and restarted.
-
Reporting Bugs
--------------
Reporting Bugs
--------------