[libvirt-users] libvirt behind stunnel4

Parthipan lparth at gmail.com
Tue Jul 8 15:08:58 UTC 2014


Answering my own question:

virsh expects a byte containing '\1' post ssl handshake. Libvirtd sends
that but obviously the ssl offloader wouldn't do that.


On 4 July 2014 14:29, Parthipan <lparth at gmail.com> wrote:

> Hi,
>
> I'm trying this setup where an stunnel4 (listening for clients on port
> 16514) connects to an unencrypted libvirt backend (on port 16509). When I
> point the virsh client to stunnel4 it hangs.
>
> Looking via tshark:
>
> 1. virsh completes ssl handshake with stunnel4
> 2. stunnel4 completes tcp handshake with libvirt.
>
> and that's all.
>
> When connecting virsh client directly to libvirt (this time encrypted)
> tshark shows:
>
> 1. virsh completes ssl handshake with libvirt (change cypher spec at the
> end)
> 2. libvirt sends something (I can't decode what libvirt sends, since DH
> key exchange is used.)
>
> Anyway my question really is, can libvirt be run as an unencrypted backend
> behind an ssl offloader such as stunnel4? If people do use it like that,
> then I can look for any setup issues in mine.
>
> My package versions:
> libvirt: 1.2.2-0ubuntu13.1
> stunnel4: 3:4.53-1.1ubuntu1
>
> Thanks
> ~parthi
>
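The behaviour described in the answer above, as an added example that is not part of the original post or of libvirt or stunnel4: a relay that writes the '\1' byte to the client before passing traffic to the plaintext backend. Socket pairs stand in for the TLS-terminated virsh connection and for libvirtd; the function names and the `RPC-CALL`/`RPC-REPLY` payloads are constructed for the illustration.

```python
import contextlib
import socket
import threading

LIBVIRT_TLS_ACK = b"\x01"  # the byte virsh waits for after the TLS handshake


def _pump(src, dst):
    """Copy src to dst until EOF, then half-close dst so the peer sees EOF."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)


def bridge(client, backend):
    """Send the ack byte to the client first, then relay both directions."""
    # Assumption: the caller has already finished the TLS handshake and its
    # certificate checks on `client`; `backend` is plain TCP to libvirtd.
    client.sendall(LIBVIRT_TLS_ACK)
    threads = [threading.Thread(target=_pump, args=pair, daemon=True)
               for pair in ((client, backend), (backend, client))]
    for t in threads:
        t.start()
    return threads


def _read_all(sock):
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
    return data


def demo():
    """Constructed run over socket pairs standing in for virsh and libvirtd."""
    virsh, front = socket.socketpair()
    back, libvirtd = socket.socketpair()
    threads = bridge(front, back)
    virsh.sendall(b"RPC-CALL")  # constructed placeholder payloads
    virsh.shutdown(socket.SHUT_WR)
    libvirtd.sendall(b"RPC-REPLY")
    libvirtd.shutdown(socket.SHUT_WR)
    for t in threads:
        t.join(timeout=5)
    return _read_all(virsh), _read_all(libvirtd)
```

In a deployment, `client` would be the `ssl.SSLSocket` obtained once the handshake has completed, so the ack byte travels inside the TLS session as it does when libvirtd terminates TLS itself.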