[Openstack] Do we need SSL on nova-api ports?

Vishvananda Ishaya vishvananda at gmail.com
Tue May 3 18:14:14 UTC 2011


I don't really see any reason for production apps to run on anything other than 80/443.  In dev mode it is nice to have other ports, but I don't really see a reason for special ports in production systems.

Vish

On May 3, 2011, at 10:49 AM, Richard Hartmann wrote:

> On Tue, May 3, 2011 at 08:09, Dirk-Willem van Gulik
> <dirk-willem.van.gulik at bbc.co.uk> wrote:
> 
>> a)      Make SSL only the default (ideally with client cert on as well).
> 
> Sounds good to me.
> 
> 
>> b)      Postulate that one port lower there is an optional HTTP port (OFF, or tied to localhost).
> 
> The IETF _strongly_ prefers STARTTLS over separate TLS/non-TLS ports.
> If you ever want to get an IANA assignment, you are pretty much
> required to support STARTTLS unless you are working with legacy
> protocols.
> 
> 
> Using STARTTLS and requiring TLS by default seems like a good option
> for the medium term, to me.
> 
> 
> Richard
> 