<html><body><p><font size="2" face=" Arial">Hi </font><br><font size="2" face=" Arial"> In </font><a href="https://wiki.openstack.org/wiki/OSSN/OSSN-0039"><font size="2" face=" Arial">https://wiki.openstack.org/wiki/OSSN/OSSN-0039</font></a><font size="2" face=" Arial">, it's requested that </font><font size="2" face=" Arial">SSL/TLS library (OpenSSL in this case) is compiled without SSLv3 </font><font size="2" face=" Arial">,</font><br><font size="2" face=" Arial"> our internal discussion from some security experts suggested we need add some code to </font><a href="https://github.com/openstack/nova/blob/master/nova/wsgi.py#L168"><font size="2" face=" Arial">https://github.com/openstack/nova/blob/master/nova/wsgi.py#L168</font></a><br><font size="2" face=" Arial"> maybe something like: </font><font size="2" face=" Arial">dup_socket = eventlet.wrap_ssl(dup_socket, ssl_version=ssl.PROTOCOL_TLSv1_2,</font><br><font size="2" face=" Arial"> so that </font><font size="2" face=" Arial">nova client only requests TLSv1_2</font><br><br><font size="2" face=" Arial"> so the question is </font><br><font size="2" face=" Arial">1) why nova didn't use oslo service, so we can honor some options like following while seems nova don't have?</font><br><a href="https://github.com/openstack/oslo.service/blob/master/oslo_service/_options.py#L108"><font size="2" face=" Arial">https://github.com/openstack/oslo.service/blob/master/oslo_service/_options.py#L108</font></a><br><a href="https://github.com/openstack/oslo.service/blob/master/oslo_service/_options.py#L114"><font size="2" face=" Arial">https://github.com/openstack/oslo.service/blob/master/oslo_service/_options.py#L114</font></a><br><br><font size="2">2) is there a existing requirement to nova (and maybe other projects) on OSSN 0039 in addition to recompile ssl library? </font><br><br><br><font size="2">Best Regards! <br><br>Kevin (Chen) Ji ¼Í ³¿<br><br>Engineer, zVM Development, CSTL<br>Notes: Chen CH Ji/China/IBM@IBMCN Internet: jichenjc@cn.ibm.com<br>Phone: +86-10-82451493<br>Address: 3/F Ring Building, ZhongGuanCun Software Park, Haidian District, Beijing 100193, PRC </font><BR>
</body></html>