I would like to request a feature freeze exception for the Websocket Proxy to Host Security. The spec [1] was approved for Nova, and the patches [2] are currently sitting there with one +2 (courtesy of @danpb), with a +1 from Jenkins. For a TL;DR on the spec, essentially this patch series implements a framework for authenticating and encrypting communication between the VNC proxy and the actual compute nodes, and then implements a TLS/x509 driver using that framework. The patches don't touch much, and are enabled optionally, so they should be relatively "safe". Best Regards, Solly Ross [1] https://review.openstack.org/#/c/115483/ [2] https://review.openstack.org/#/c/115483/, https://review.openstack.org/#/c/115484/