openstack-manuals

Security Guide refers to SSL in many places where TLS is more appropriate

Bug #1343571 reported by Robert Clark on 2014-07-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	High	Brian Moss	openstack-manuals kilo

Bug Description

The security guide refers to the use of SSL in many places, SSL is a decade old, long replaced by TLS. We should be referring to TLS when we are discussing transport layer security with X509.

Tags:

Bryan D. Payne (bdpayne) on 2014-07-17

Changed in openstack-manuals:
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

Alexandra Settle (alexandra-settle) wrote on 2014-09-19:

After a quick grep through the current security guide, it seems that this bug could be altered or closed.

All instances of SSL now are SSL/TSL.

Unless the aim is to remove the SSL completely?

Changed in openstack-manuals:
assignee:	nobody → Alexandra Settle (alexandra-settle)

Alexandra Settle (alexandra-settle) on 2014-10-12

Changed in openstack-manuals:
assignee:	Alexandra Settle (alexandra-settle) → nobody
assignee:	nobody → Alexandra Settle (alexandra-settle)

Tom Fifield (fifieldt) on 2014-11-20

Changed in openstack-manuals:
milestone:	none → kilo

Alexandra Settle (alexandra-settle) on 2014-11-20

Changed in openstack-manuals:
assignee:	Alexandra Settle (alexandra-settle) → nobody

Revision history for this message

Bryan D. Payne (bdpayne) wrote on 2015-01-21:

Action here is to remove SSL in favor of TLS or SSL/TLS throughout the entire guide.

Changed in openstack-manuals:
importance:	High → Medium
importance:	Medium → High

Brian Moss (bmoss) on 2015-02-08

Changed in openstack-manuals:
assignee:	nobody → Brian Moss (bmoss)

Revision history for this message

N Dillon (sicarie) wrote on 2015-02-08:

Found another section - Chapter 9 Object Storage (as of Feb 2015), contains several references to SSL only in the 'Load balancer' and 'Object Storage authentication' sections

Revision history for this message

N Dillon (sicarie) wrote on 2015-02-08:

And another section - in Ch 13 Databases - both Database access control section and Database transport security section references SSL (without TLS) frequently as well.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-10: Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/154315

Changed in openstack-manuals:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-15: Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/154315
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=3c53e10e06c6e8667926904ad400e8f79600f655
Submitter: Jenkins
Branch: master

commit 3c53e10e06c6e8667926904ad400e8f79600f655
Author: kallimachos <email address hidden>
Date: Tue Feb 10 11:23:18 2015 +1000

Updated SSL to TLS

    References to SSL have been updated to TLS
    as TLS is generally recommended. Some examples
    in the text are specific to SSL; these have not
    been changed.

Change-Id: I40a0e935f5050d041a849bf4835adcd3c29a398f
Closes-Bug: #1343571

Changed in openstack-manuals:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.