Changeset 156 for etherws/trunk/README.rst
- Timestamp: 05/19/12 03:00:33 (12 years ago)
- File: 1 edited
etherws/trunk/README.rst
r152 r156 51 51 # ifconfig eth0 mtu 1400 52 52 53 Tunnel Encryption 54 ================= 55 etherws supports SSL/TLS connection (but client does not verify server 56 certificates). 53 Using SSL/TLS 54 ============= 55 etherws supports SSL/TLS connection. 57 56 If you want to encrypt the tunnel, then you can use following options. 58 57 59 on *Hypervisor1* (options *keyfile* and *certfile* were specified)::58 on *Hypervisor1*:: 60 59 61 60 # etherws server --keyfile ssl.key --certfile ssl.crt 62 61 63 on *Hypervisor2* (option *uri*'s scheme was changed to *wss*):: 62 *ssl.key* is a server private key, and *ssl.crt* is a server certificate. 64 63 65 # etherws client --uri wss://<Hypervisor1's IP address>/ 66 67 You also can test by following command:: 64 Now you also can test SSL/TLS connection by following command:: 68 65 69 66 # openssl s_client -connect <Hypervisor1's IP address>:443 67 68 on *Hypervisor2*:: 69 70 # etherws client --uri wss://<Hypervisor1's IP address>/ --cacerts ssl.crt 71 72 Here, URI scheme was just changed to *wss*, and CA certificate to verify 73 server certificate was specified. 74 75 By the way, client verifies server certificate by default. 76 So, for example, client will die with error messages if your server uses 77 self-signed certificate and client uses another CA certificate. 78 79 If you want to just encrypt the tunnel and do not need to verify 80 certificate, then you can use following option:: 81 82 # etherws client --uri wss://<Hypervisor1's IP address>/ --insecure 83 84 Note: see `<http://docs.python.org/library/ssl.html#certificates>`_ 85 for more information about certificates. 70 86 71 87 Client Authentication
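Review bot: The new `--insecure` paragraph (new lines 79-82) offers skipping verification as a way to "just encrypt the tunnel" but does not say what is given up. With verification off, the client cannot confirm that it is talking to Hypervisor1, so the tunnel is encrypted but not authenticated and an on-path party can terminate the TLS session itself. Suggest adding one sentence stating this, next to the option. A second point in the same hunk: the Hypervisor2 example (new line 70) passes the server's own `ssl.crt` to `--cacerts`, while the text at new lines 72-73 calls it a "CA certificate". That only holds when `ssl.crt` is self-signed, which the README mentions only in passing at line 77. A line saying that a self-signed `ssl.crt` acts as its own CA, and that otherwise the issuing CA's certificate belongs here, would remove the ambiguity. The `openssl s_client` test at new line 66 likewise runs without a trust anchor, so it shows that the handshake completes, not that the certificate validates; adding `-CAfile ssl.crt` to that command would exercise the same check the client performs.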