From 994922a8ba996fe68d047df0e1486fa805dbea31 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 6 Nov 2017 13:31:33 +0200
Subject: Disable live migration over TLS

Due to the fact that it doesn't use a separate CA (or sub CA) for
libvirtd, and that proper SASL is not being used. We are disabling this
option since it doesn't meet the appropriate security requirements.
We'll look into adding this back once these issues get fixed.

Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23
Closes-Bug: #1730370
(cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
---
 releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml

(limited to 'releasenotes/notes')

diff --git a/releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml b/releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml
new file mode 100644
index 00000000..d97e48ed
--- /dev/null
+++ b/releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml
@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    Live migration over TLS has been disabled since the settings it was using
+    don't meet the required security standards. It is currently not possible to
+    enable it via t-h-t.
-- 
cgit 1.2.3-korg