Disabling SSLv3, TLSv1.0 and TLSv1.1 in nova-novncproxy?

Ricardo J. Barberis ricardo at palmtx.com.ar
Fri Apr 12 18:47:28 UTC 2019


Hello list,

I've been tasked with disabling SSLv3, TLSv1.0 and TLSv1.1 in all of our 
public endpoints (not only OpenStack) and I'm having trouble finding where 
does nova-novncproxy sets which protocols to use.

I have nova-novncproxy installed in 2 servers, one CentOS 6.10 (python 2.6) 
tied to an IceHouse installation, the other a CentOS 7 (python 2.7) tied to a 
Queens installation.


Software versions:

[root at vnc01 ~] # rpm -qa \*nova\* \*vnc\* | sort
novnc-0.4-8.el6.noarch
openstack-nova-common-2014.1.5-1.el6.noarch
openstack-nova-novncproxy-2014.1.5-1.el6.noarch
python-nova-2014.1.5-1.el6.noarch
python-novaclient-2.17.0-2.el6.noarch

[root at vnc02 ~] # rpm -qa \*nova\* \*vnc\* | sort
novnc-0.5.1-2.el7.noarch
openstack-nova-common-17.0.9-1.el7.noarch
openstack-nova-novncproxy-17.0.9-1.el7.noarch
python-nova-17.0.9-1.el7.noarch
python2-novaclient-10.1.0-1.el7.noarch


Any pointers will be appreciated.

BTW, I also tried proxying them with nginx but in that case the vnc console 
doesn't work. I didn't try too hard to debug it, though.

Thanks,
-- 
Ricardo J. Barberis
Usuario Linux Nº 250625: http://counter.li.org/
Usuario LFS Nº 5121: http://www.linuxfromscratch.org/
Senior SysAdmin / IT Architect - www.DonWeb.com



More information about the openstack-discuss mailing list