search for: default_tls_x509_verify

...an.key" cert_file = "/etc/ssl/libvirt/server.lan.crt" ca_file = "/etc/ssl/libvirt/ca.crt" log_filters="3:remote 4:event 3:util.json 3:rpc 1:*" log_outputs="1:file:/var/log/libvirt/libvirtd.log" qemu: default_tls_x509_cert_dir = "/etc/ssl/qemu" default_tls_x509_verify = 1 migration with tls: virsh # migrate vm1 qemu+tls://server2.lan/system --persistent --undefinesource --copy-storage-all --verbose --tls never succeeds. Progress stops typically at high progress amounts (95%-98%), and network traffic drastically drops as well (from 1 gbps+ to nothing). domjobin...

...y flag, but that's not very convenient. Is there a way to set TLS priority for QEMU TLS connections from libvirt configs? This would be equivalent to libvirtd.conf's tls_priority setting, but for QEMU, not for libvirt's own connections. 3) After setting up default_tls_x509_cert_dir and default_tls_x509_verify = 1 (and directories as required see 1), virsh initiated migrations with --tls flag succeed and captures show that it's using TLS. However, they equally succeed without the flag. Is there a way to ensure that only TLS communication is permitted between QEMUs? I tried nbd_tls, but that did not...

...for QEMU TLS connections from libvirt > configs? This would be equivalent to libvirtd.conf's tls_priority > setting, but for QEMU, not for libvirt's own connections. Hmm, this might be useful. Please file a feature request. > 3) After setting up default_tls_x509_cert_dir and > default_tls_x509_verify = 1 (and directories as required see 1), > virsh initiated migrations with --tls flag succeed and captures show > that it's using TLS. However, they equally succeed without the flag. Once you specify '--tls' both the connection for migration of the qemu state and the NBD connect...