[oslo][ironic] oslo.service (and IPA) TLS v1.3

Jay Faulkner jay at gr-oss.io
Wed Jan 25 15:57:24 UTC 2023


Hey all,

Ironic Python Agent uses oslo.service's wsgi module as a wsgi server, with
the built in TLS support from sslutils.py. This sslutils.py support only
works up to TLS v1.2. It needs some enhancement.

It was indicated to me in #openstack-oslo that there's nobody working on
this module currently. I know that Ironic can't be the only consumer of
this across OpenStack, so this is a call for interested parties and help.

We have to update this to support modern TLS. It's not an option. I'd
rather not do it alone -- who wants to help?

I was tempted to put something up about this at the PTG; but I'm not sure
it's significant enough to be worth that discussion so I'm starting here :).


Thanks,
Jay Faulkner
Ironic PTL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230125/5e16804d/attachment.htm>


More information about the openstack-discuss mailing list