search for: vnc_tls

Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128

(Posted few days ago on qemu group but no reactions) Do I understand correctly that ssl shoudl be configured independently for libvirt and each hypervisor? I asked because I configured libvirt connection as qemu+tls://bambus.kjonca/system?pkipath=... (and on bambus in /etc/libvirt/libvirtd.conf) I set key_file = ... cert_file = ... ca_file = ... But after connect and lauching (on bambus) vm I

...s on localhost for VNC consoles. If you grep vnc out of the qemu.conf, you'll get hints at a bunch of different options. More than likely you want the vnc_listen config parameter. ~]# grep vnc /etc/libvirt/qemu.conf vnc_listen = "X.X.X.X" # over vnc_listen. #vnc_auto_unix_socket = 1 #vnc_tls = 1 # default it to keep them in /etc/pki/libvirt-vnc. This directory #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem #vnc_tls_x509_verify = 1 #vnc_password = "XYZ12345" #vnc_sasl = 1 #vnc_sasl_dir = "/some/...

...grep vnc out of the qemu.conf, you'll get hints at a bunch of > different options. > More than likely you want the vnc_listen config parameter. > > ~]# grep vnc /etc/libvirt/qemu.conf > vnc_listen = "X.X.X.X" > # over vnc_listen. > #vnc_auto_unix_socket = 1 > #vnc_tls = 1 > # default it to keep them in /etc/pki/libvirt-vnc. This directory > #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" > # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem > #vnc_tls_x509_verify = 1 > #vnc_password = "XYZ12345" > #vnc_sasl =...

...And that is because there might be various requirements for various use cases. > protocol (BTW not spice?), so I am confused. > should I configure in /etc/libvirt/qemu.conf > There is default_tls which should be enough to start, then you need to turn on tls usage for want. There's vnc_tls, spice_tls, vxhs_tls, nbd_tls, migrate_tls, backup_tls, and you can even configure different certificates for each of them. >spice_tls option and certificates ? > That, and also don't forget to configure the domain XML so that it uses what you want, probably something like: <graphic...

Hello everyone - I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer. On the host, I set selinux to "permissive" and stopped the firewalld service. No change, so it is not related to