>> OVN-Central/Chassis charm for review of TLS 1.2 in OVN
>
> The default behavior of the Open vSwitch clients and servers is to use the highest protocol version supported [0] and it has been this way since Open vSwitch v2.4.0 [1] which was released in 2014.
>
> The default configuration does allow the use of TLSv1, TLSv1.1, TLSv1.2, so if the intention of this bug is to disallow protocol versions prior to TLSv1.2 that would translate into action necessary for the OVN charms.
>
> 0: http://manpages.ubuntu.com/manpages/focal/man1/ovsdb-server.1.html
> 1: https://github.com/openvswitch/ovs/commit/b56ea5d54e072105b398d26421f9a4578fa6e05b
Just an update on the Open vSwitch part of this bug. While the above is true, and there is an outstanding issue of updating the Open vSwitch defaults and documentation, due to how the defaults are set up for the OpenSSL library in Ubuntu, Open vSwitch and OVN are in effect not affected by this.
The Ubuntu OpenSSL library configuration will make Open vSwitch and OVN only enable TLSv1.2 and TLSv1.3 as long as no configuration is provided for the SSL_Protocols and SSL_Ciphers options.
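
An added example, not part of the comment above or of the charms: a check that a daemon command line leaves the two options unset, so the library defaults described above stay in force. It assumes the options appear as the `--ssl-protocols` and `--ssl-ciphers` flags from the ovsdb-server manual page [0]; the sample command lines are constructed.

```python
import shlex

# Protocol versions the bug wants disallowed (everything prior to TLSv1.2).
LEGACY = {"TLSv1", "TLSv1.1"}


def option_value(argv, name):
    """Return the value of --name=VALUE or --name VALUE, or None if absent."""
    for i, arg in enumerate(argv):
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
        if arg == name and i + 1 < len(argv):
            return argv[i + 1]
    return None


def audit_cmdline(cmdline):
    """Report TLS overrides found on one daemon command line."""
    argv = shlex.split(cmdline)
    protocols = option_value(argv, "--ssl-protocols")
    ciphers = option_value(argv, "--ssl-ciphers")
    findings = []
    if protocols is not None:
        # The option takes a comma- or space-delimited list of versions.
        enabled = set(protocols.replace(",", " ").split())
        legacy = sorted(enabled & LEGACY)
        if legacy:
            findings.append("legacy protocols enabled: " + ",".join(legacy))
        else:
            findings.append("protocol override set: " + ",".join(sorted(enabled)))
    if ciphers is not None:
        findings.append("cipher override set: " + ciphers)
    return findings or ["no override; OpenSSL library defaults apply"]


# Constructed sample command lines (not taken from a real deployment).
SAMPLES = [
    "ovsdb-server --remote=pssl:6641 --pidfile",
    "ovsdb-server --remote=pssl:6641 --ssl-protocols=TLSv1,TLSv1.1,TLSv1.2",
    "ovsdb-server --remote=pssl:6642 --ssl-protocols 'TLSv1.2' --ssl-ciphers=HIGH:!aNULL",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_cmdline(line))
```

On a live host the same function can be fed the NUL-separated contents of `/proc/<pid>/cmdline` for each Open vSwitch or OVN daemon, joined with spaces.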