git://git.onelab.eu
/
sliver-openvswitch.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge commit '10a89ef04df5669c5cdd02f786150a7ab8454e01'
[sliver-openvswitch.git]
/
INSTALL.SSL
diff --git
a/INSTALL.SSL
b/INSTALL.SSL
index
3b625fb
..
8eb0c49
100644
(file)
--- a/
INSTALL.SSL
+++ b/
INSTALL.SSL
@@
-2,15
+2,13
@@
================================
If you plan to configure Open vSwitch to connect across the network to
================================
If you plan to configure Open vSwitch to connect across the network to
-an OpenFlow controller, then we recommend that you configure and
-enable SSL support in Open vSwitch. SSL support ensures integrity and
-confidentiality of the OpenFlow connections, increasing network
-security.
+an OpenFlow controller, then we recommend that you build Open vSwitch
+with OpenSSL. SSL support ensures integrity and confidentiality of
+the OpenFlow connections, increasing network security.
This file explains how to configure an Open vSwitch to connect to an
This file explains how to configure an Open vSwitch to connect to an
-OpenFlow controller over SSL. Refer to INSTALL.Linux for instructions
-on building Open vSwitch with SSL support. (In particular, you must
-pass --enable-ssl to the "configure" script to use SSL.)
+OpenFlow controller over SSL. Refer to INSTALL for instructions on
+building Open vSwitch with SSL support.
Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by
RFC 2246, which is very similar to SSL version 3.0. TLSv1 was
Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by
RFC 2246, which is very similar to SSL version 3.0. TLSv1 was
@@
-308,10
+306,6
@@
After you have added all of these configuration keys, you may specify
"tcp:" connection methods are still allowed even after SSL has been
configured, so for security you should use only "ssl:" connections.
"tcp:" connection methods are still allowed even after SSL has been
configured, so for security you should use only "ssl:" connections.
-Unlike most Open vSwitch settings, the SSL settings are read only
-once, at ovs-vswitchd startup time. For changes to take effect,
-ovs-vswitchd must be killed and restarted.
-
Reporting Bugs
--------------
Reporting Bugs
--------------