SSL configuration for ovn-nb database access.
Summary:
private_key string
certificate string
ca_cert string
bootstrap_ca_cert boolean
ssl_protocols string
ssl_ciphers string
Common Columns:
external_ids map of string-string pairs
Details:
private_key: string
Name of a PEM file containing the private key used as the
switch's identity for SSL connections to the controller.
certificate: string
Name of a PEM file containing a certificate, signed by the
certificate authority (CA) used by the controller and
manager, that certifies the switch's private key,
identifying a trustworthy switch.
ca_cert: string
Name of a PEM file containing the CA certificate used to
verify that the switch is connected to a trustworthy
controller.
bootstrap_ca_cert: boolean
If set to true, then Open vSwitch will attempt to obtain
the CA certificate from the controller on its first SSL
connection and save it to the named PEM file. If it is
successful, it will immediately drop the connection and
reconnect, and from then on all SSL connections must be
authenticated by a certificate signed by the CA
certificate thus obtained. This option exposes the SSL
connection to a man-in-the-middle attack obtaining the
initial CA certificate. It may still be useful for
bootstrapping.
ssl_protocols: string
List of SSL protocols to be enabled for SSL connections.
The default when this option is omitted is
TLSv1,TLSv1.1,TLSv1.2.
ssl_ciphers: string
List of ciphers (in OpenSSL cipher string format) to be
supported for SSL connections. The default when this
option is omitted is HIGH:!aNULL:!MD5.
Common Columns:
The overall purpose of these columns is described under Common
Columns at the beginning of this document.
external_ids: map of string-string pairs
