Comment 8 for bug 520270
Revision history for this message
| chris grzegorczyk (chris-grze) wrote Re: [Bug 520270] Re: Support SSL for web services | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
The matter of which port the service is running on is (iirc) in the
other bug report which has been triaged/wishlisted upstream:
https:/
thanks.
chris
On Thu, Feb 11, 2010 at 1:56 PM, Robert Collins
<email address hidden> wrote:
> Oh, further to my comment; doing SSL on the same port as HTTP is
> undesirable, unless there is a way to disable HTTP (from outside the
> cluster, obviously) - otherwise firewalls cannot be trivially configured
> to permit one and block the other.
>
> -Rob
>
> --
> Support SSL for web services
> https:/
> You received this bug notification because you are a bug assignee.
>
> Status in Eucalyptus: Invalid
> Status in “eucalyptus” package in Ubuntu: New
>
> Bug description:
> The 8443 admin web page has an SSL certificate, but there doesn't seem to be a SSL web services port (or if it is in fact 8443, then that isn't documented).
>
> While you can't replay or forge requests made over port 80 | 8773, you can sniff and observe them, and some organisations and software refuse to do non-SSL web service requests. Landscape, for instance, requires users of UEC to setup a tunnel so that it is not making cleartext requests.
>
> We should ship SSL by default, with a just-in-time self signed cert, and clear instructions for upgrading to a publically issued certificate.
>
>
>
--
Chris Grzegorczyk
Co-Founder and Engineer
Eucalyptus Systems, Inc.
130 Castilian St. | Goleta, CA | 93117
Office: 805-968-1400 x e^1 | Cell: 805-807-8237
Email: <email address hidden>
www.eucalyptus.com
_______