fe9372eceb
The NBD protocol previously runs in clear text, offering no security protection for the data transferred, unless it is tunnelled over some external transport like SSH. Such tunnelling is inefficient and inconvenient to manage. Support for TLS to the NBD clients & servers provided by QEMU was added. In tls-everywhere use case we want to take advantage of this feature to create the certificates and configure qemu to use nbd tls. Closes-Bug: 1793093 Depends-On: Ifa5cf08d5104a62c9c094e3585de33e19e265110 Depends-On: I1db1b60be4907511f0ec0f5aa0f0a45e1c5d9b45 Depends-On: I347881cf4822583179c0c042c42fa1e33dbcedd2 Change-Id: I7d9df304d75bdbe36ecdfe50e5ce6b42a53063cc
13 lines
548 B
YAML
13 lines
548 B
YAML
---
|
|
features:
|
|
- |
|
|
Add support for native TLS encryption on NBD for disk migration
|
|
|
|
The NBD protocol previously runs in clear text, offering no security
|
|
protection for the data transferred, unless it is tunnelled over some
|
|
external transport like SSH. Such tunnelling is inefficient and
|
|
inconvenient to manage. Support for TLS to the NBD clients & servers
|
|
provided by QEMU was added. In tls-everywhere use case we want to
|
|
take advantage of this feature to create the certificates and configure
|
|
qemu to use nbd tls.
|