Project

General

Profile

Bug #7018

SPICE libvirt websockets connections aren't encrypted

Added by Dominic Cleal over 7 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Compute resources - libvirt
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

When setting up a libvirt VM, the websockets connection isn't encrypted when the websockets_ssl* settings are appropriately configured, but VNC ones are.


Related issues

Related to Foreman - Feature #3601: Use secure websockets for console accessClosed2013-11-07
Related to Foreman - Feature #7805: Add several security related HTTP headers - security hardening.Closed2014-10-03
Related to Foreman - Feature #2569: [RFE] Add ability to encrypt HTML5 spice clientNew

History

#1 Updated by Dominic Cleal over 7 years ago

  • Related to Feature #3601: Use secure websockets for console access added

#2 Updated by Dominic Cleal over 7 years ago

  • Category changed from Compute resources to Compute resources - libvirt

#3 Updated by Dominic Cleal about 7 years ago

  • Related to Feature #7805: Add several security related HTTP headers - security hardening. added

#4 Updated by Dominic Cleal about 7 years ago

This is causing a problem now with Chrome since #7805, as it's not permitting mixed content by default.

https://github.com/theforeman/foreman/pull/1882#issuecomment-61255793

To workaround, click the shield in the address bar, then "Load unsafe script".

#5 Updated by Anonymous over 5 years ago

  • Related to Feature #2569: [RFE] Add ability to encrypt HTML5 spice client added

#6 Updated by Oliver Freyermuth over 3 years ago

  • Triaged set to No

Seems that for Firefox, network.websocket.allowInsecureFromHTTPS is needed in about:config.
Things still fail for me then, but also VNC failed - still investigating.

Also available in: Atom PDF