SSL configuration for ovn-nb database access.
Summary:
  private_key          string
  certificate          string
  ca_cert              string
  bootstrap_ca_cert    boolean
  ssl_protocols        string
  ssl_ciphers          string
  Common Columns:
    external_ids       map of string-string pairs
Details:
private_key: string
Name of a PEM file containing the private key used as the
switch's identity for SSL connections to the controller.
certificate: string
Name of a PEM file containing a certificate, signed by the
certificate authority (CA) used by the controller and
manager, that certifies the switch's private key,
identifying a trustworthy switch.
ca_cert: string
Name of a PEM file containing the CA certificate used to
verify that the switch is connected to a trustworthy
controller.
bootstrap_ca_cert: boolean
If set to true, then Open vSwitch will attempt to obtain
the CA certificate from the controller on its first SSL
connection and save it to the named PEM file. If it is
successful, it will immediately drop the connection and
reconnect, and from then on all SSL connections must be
authenticated by a certificate signed by the CA
certificate thus obtained. This option exposes the SSL
connection to a man-in-the-middle attack while the
initial CA certificate is being obtained. It may still
be useful for bootstrapping.
ssl_protocols: string
List of SSL protocols to be enabled for SSL connections.
The default when this option is omitted is
TLSv1,TLSv1.1,TLSv1.2.
ssl_ciphers: string
List of ciphers (in OpenSSL cipher string format) to be
supported for SSL connections. The default when this
option is omitted is HIGH:!aNULL:!MD5.
Common Columns:
The overall purpose of these columns is described under Common
Columns at the beginning of this document.
external_ids: map of string-string pairs
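An audit of one SSL row against the defaults and the bootstrap caveat documented above, as an added example that is not part of OVN or of the original page. It assumes the row has already been read into a plain dict keyed by the column names; the function names and the weak-cipher token list are hypothetical, and treating TLSv1 and TLSv1.1 as legacy follows RFC 8996.

```python
# Added example: audit one row of the OVN northbound SSL table.
# Assumption: the row is a plain dict keyed by the documented column names;
# fetching it from the database is outside this sketch.

DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"   # default stated on this page
DEFAULT_CIPHERS = "HIGH:!aNULL:!MD5"          # default stated on this page
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}       # deprecated by RFC 8996
WEAK_CIPHER_TOKENS = {"aNULL", "eNULL", "NULL", "MD5", "RC4", "DES",
                      "EXPORT", "LOW"}        # assumption: local policy list


def effective(row, column, default):
    """Return the configured value, or the documented default if omitted."""
    value = (row.get(column) or "").strip()
    return value if value else default


def audit_ssl_row(row):
    """Return a list of findings for one SSL row (empty list = clean)."""
    findings = []

    # bootstrap_ca_cert accepts whatever CA the peer presents first.
    if row.get("bootstrap_ca_cert") is True:
        findings.append("bootstrap_ca_cert=true: first connection is "
                        "unauthenticated; provision ca_cert out of band")

    # An omitted ssl_protocols still enables the legacy versions.
    protocols = [p.strip() for p in
                 effective(row, "ssl_protocols", DEFAULT_PROTOCOLS).split(",")]
    legacy = sorted(LEGACY_PROTOCOLS.intersection(protocols))
    if legacy:
        findings.append("legacy protocols enabled: " + ",".join(legacy))

    # Flag weak cipher classes named bare, i.e. without a '!' or '-'
    # exclusion prefix ('+' only reorders, so '+X' tokens are not flagged).
    for token in effective(row, "ssl_ciphers", DEFAULT_CIPHERS).split(":"):
        if token.strip() in WEAK_CIPHER_TOKENS:
            findings.append("weak cipher class enabled: " + token.strip())

    # All three PEM paths are needed for mutual authentication.
    for column in ("private_key", "certificate", "ca_cert"):
        if not (row.get(column) or "").strip():
            findings.append(column + " is empty")
    return findings
```

A row that sets only the three PEM paths is still reported, because the omitted ssl_protocols falls back to a default that includes TLSv1 and TLSv1.1.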