Comment 4 for bug 1745038

Tim Rozet (trozet) wrote:

This has a higher impact on the TripleO project. The goal in TripleO is to provide a deployment of OpenStack with SSL/TLS everywhere (all public facing endpoints, all internal API communication):
https://blueprints.launchpad.net/tripleo/+spec/tls-via-certmonger
https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/ssl.html (TLS Everywhere for overcloud)

Recently I integrated OpenDaylight into TripleO with TLS support. This means Neutron -> ODL communication uses TLS, and then ODL <-> OVS uses TLS. However, we still use the Neutron DHCP agent with ODL. In a non-secure environment, OVS will run a ptcp listener and accept a connection from anyone to become a manager of the dataplane. This is not acceptable for SSL/TLS deployment as it exposes a vulnerability to the network dataplane. In the deployment we set OVS to listen using pssl so that encryption and identity can be ensured. In order for Neutron agents to be able to manage OVS, they also need to use SSL, hence the need for this fix.
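As an added example (not from this bug thread or from TripleO/Neutron code), the script below shows the plaintext ptcp manager setting beside the pssl one that TLS-everywhere requires, renders the matching agent-side [ovs] settings, and audits a manager list for plaintext targets. The certificate paths are placeholders, and the neutron option names (ovsdb_connection, ssl_key_file, ssl_cert_file, ssl_ca_cert_file) are assumed to be the ones the agent being fixed here reads.

```shell
#!/bin/sh
# Added example: OVSDB manager hardening for a TLS-everywhere overcloud node.
# Placeholder certificate paths; substitute the ones your CA (e.g. certmonger) issues.
OVS_KEY=/etc/pki/ovs/ovs.key
OVS_CERT=/etc/pki/ovs/ovs.crt
OVS_CACERT=/etc/pki/ovs/ca.crt

# Weak setting: any host that can reach port 6640 may become an OVSDB manager
# and reprogram the dataplane. Shown only for contrast, never applied here.
WEAK_MANAGER="ptcp:6640:0.0.0.0"

# Hardened setting: OVS authenticates peers against the CA and encrypts OVSDB.
HARDENED_MANAGER="pssl:6640:0.0.0.0"

harden_ovs_manager() {
    # set-ssl must precede set-manager, or the pssl listener has no identity.
    ovs-vsctl set-ssl "$OVS_KEY" "$OVS_CERT" "$OVS_CACERT"
    ovs-vsctl set-manager "$HARDENED_MANAGER"
}

# The Neutron OVS/DHCP agent side: once OVS only listens on pssl, an agent
# still configured for tcp:127.0.0.1:6640 can no longer manage the switch,
# so it needs its own key/cert/CA and an ssl: target.
render_agent_ovs_section() {
    cat <<EOF
[ovs]
ovsdb_connection = ssl:127.0.0.1:6640
ssl_key_file = $OVS_KEY
ssl_cert_file = $OVS_CERT
ssl_ca_cert_file = $OVS_CACERT
EOF
}

# Audit helper: takes manager targets (the output of 'ovs-vsctl get-manager')
# and returns non-zero if any network-reachable target is unencrypted.
audit_manager_targets() {
    rc=0
    for target in "$@"; do
        case "$target" in
            pssl:*|ssl:*) ;;                 # encrypted and authenticated
            punix:*|unix:*) ;;               # local socket, not network exposed
            *) echo "plaintext manager target: $target" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: apply the hardened listener only when OVS is present.
if [ "${1:-}" = "apply" ] && command -v ovs-vsctl >/dev/null 2>&1; then
    harden_ovs_manager
    # shellcheck disable=SC2046
    audit_manager_targets $(ovs-vsctl get-manager)
fi
```

Run with `apply` on a node that has OVS installed; without the argument it only defines the functions.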