[libvirt-users] certificate pinning
Daniel P. Berrangé
berrange at redhat.com
Mon Dec 10 10:53:12 UTC 2018
On Mon, Dec 10, 2018 at 01:36:37PM +0300, Anastasiya Ruzhanskaya wrote:
> Ok, thank you. I will play around with it.
>
> I also noticed, that libvirt does not use this SNI extension. Actually,this
> not needed here, as we have only one location for server certificate, but
> this requires some modifications in mitmproxy, as for example tls in web
> browsers always include this SNI extensions.
SNI is not relevant to libvirt as it does not use HTTP / virtual hosting.
It is a completely custom binary protocol
> Are there maybe other big differences in tls implementation in libvirt or
> maybe some assumptions that are taken during tls handhake process?
Libvirt just uses gnutls which is a standard impl.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvirt-users
mailing list