[libvirt] [libvirt PATCH] qemu: Add support for specifying SPICE TLS ciphers
Jiri Denemark
jdenemar at redhat.com
Tue Apr 3 18:11:05 UTC 2018
On Tue, Apr 03, 2018 at 17:23:50 +0200, Ján Tomko wrote:
> From: Christophe Fergeau <cfergeau at redhat.com>
>
> This commit adds a 'spice_tls_ciphers' parameter in
> qemu.conf which allows to configure which TLS ciphers
> SPICE will be using for its TLS connections.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1562032
>
> Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
> Signed-off-by: Ján Tomko <jtomko at redhat.com>
> ---
> This is mostly useful as a workaround for missing crypto policies,
> so I'm not sure if it's upstream material.
Are OpenSSL crypto policies supported upstream? If so, I think we should
just rely on them and leave this workaround for downstreams if they want
it. Also, what would we do if spice changed its TLS code to use another
library, wouldn't it force us to translate the parameters from OpenSSL
to the other library if this happens and this code is merged upstream?
Jirka
More information about the libvir-list
mailing list