From: Ben Pfaff Date: Wed, 19 Mar 2008 16:35:11 +0000 (-0700) Subject: Document that we use TLSv1. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d16e3510d6f523d182e94f4e9e5caa4989565fe;p=openvswitch Document that we use TLSv1. --- diff --git a/INSTALL b/INSTALL index db567b71..2efa7623 100644 --- a/INSTALL +++ b/INSTALL @@ -185,8 +185,8 @@ Secure operation over SSL ------------------------- The instructions above set up OpenFlow for operation over a plaintext -TCP connection. Production use of OpenFlow should use SSL to ensure -confidentiality and authenticity of traffic among switches and +TCP connection. Production use of OpenFlow should use SSL[*] to +ensure confidentiality and authenticity of traffic among switches and controllers. To use SSL with OpenFlow, you must set up a public-key infrastructure @@ -219,6 +219,11 @@ instructions below, then the invocation would look like: % secchan -v nl:0 ssl:192.168.1.2 --private-key=sc-privkey.pem \ --certificate=sc-cert.pem --ca-cert=pki/controllerca/cacert.pem +[*] To be specific, OpenFlow uses TLS version 1.0 or later (TLSv1), as + specified by RFC 2246, which is very similar to SSL version 3.0. + TLSv1 was released in January 1999, so all current software and + hardware should implement it. + Establishing a Public Key Infrastructure ----------------------------------------