Comment 12 for bug 1414790

Michael Renner (robe) wrote :

Sachin,

thanks for your fast answer!

Exposing SSL/TLS configuration is an absolute must if your application supports or depends on it.

In my opinion the bare minimum would be configuration parameters for:

 * Certificate
 * Private Key
 * TLS protocols
 * TLS cipher string
 * verification of server certificates
 * verification of client certificates

And these should be implemented and documented for all Contrail services using TLS for communication.

https://bettercrypto.org/static/applied-crypto-hardening.pdf offers a concise overview of TLS configuration parameters in other services if you need examples.

all the best,
Michael
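
Added example, not part of the comment above and not Contrail code: one way a Python service could expose the six parameters listed in the comment as configuration and apply them to an `ssl.SSLContext`. The option names and defaults are hypothetical.

```python
import ssl

# Hypothetical option names, one per item in the comment's list (not Contrail's).
DEFAULTS = {
    "certfile": None,           # certificate (PEM path)
    "keyfile": None,            # private key (PEM path)
    "min_protocol": "TLSv1_2",  # TLS protocols: lowest version accepted
    "ciphers": "ECDHE+AESGCM:ECDHE+CHACHA20",  # cipher string, OpenSSL syntax
    "verify_server": True,      # used when this process is the TLS client
    "verify_client": True,      # used when this process is the TLS server
    "cafile": None,             # trust anchors; None means the system store
}

def build_context(options, server_side):
    """Return an SSLContext built only from explicit, documented options."""
    unknown = set(options) - set(DEFAULTS)
    if unknown:
        # A misspelled key must not silently fall back to a default.
        raise ValueError("unknown TLS option(s): %s" % sorted(unknown))
    cfg = {**DEFAULTS, **options}
    if server_side and not (cfg["certfile"] and cfg["keyfile"]):
        raise ValueError("a TLS server needs certfile and keyfile")

    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion[cfg["min_protocol"]]
    ctx.set_ciphers(cfg["ciphers"])  # raises ssl.SSLError if nothing matches

    if cfg["certfile"]:
        ctx.load_cert_chain(cfg["certfile"], cfg["keyfile"])

    verify = cfg["verify_client"] if server_side else cfg["verify_server"]
    if verify:
        ctx.verify_mode = ssl.CERT_REQUIRED
        if cfg["cafile"]:
            ctx.load_verify_locations(cfg["cafile"])
        else:
            purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
            ctx.load_default_certs(purpose)
    else:
        # check_hostname has to be cleared before CERT_NONE can be set.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

The cipher string governs TLS 1.2 and earlier suites; OpenSSL configures TLS 1.3 suites separately.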