Answering my own question: virsh expects a byte containing '\1' post ssl handshake. Libvirtd sends that but obviously the ssl offloader wouldn't do that.
On 4 July 2014 14:29, Parthipan <lpa...@gmail.com> wrote:
> Hi,
>
> I'm trying this setup where an stunnel4 (listening for clients on port
> 16514) connects to an unencrypted libvirt backend (on port 16509). When I
> point the virsh client to stunnel4 it hangs.
>
> Looking via tshark:
>
> 1. virsh completes ssl handshake with stunnel4
> 2. stunnel4 completes tcp handshake with libvirt.
>
> and that's all.
>
> When connecting virsh client directly to libvirt (this time encrypted)
> tshark shows:
>
> 1. virsh completes ssl handshake with libvirt (change cypher spec at the
> end)
> 2. libvirt sends something (I can't decode what libvirt sends, since DH
> key exchange is used.)
>
> Anyway my question really is, can libvirt be run as an unencrypted backend
> behind an ssl offloader such as stunnel4? If people do use it like that,
> then I can look for any setup issues in mine.
>
> My package versions:
> libvirt: 1.2.2-0ubuntu13.1
> stunnel4: 3:4.53-1.1ubuntu1
>
> Thanks
> ~parthi
>
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
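
Added example, not part of the original thread and not code from libvirt or stunnel: a sketch of the per-connection logic a TLS-terminating shim would need to supply the `'\1'` byte described in the reply before relaying traffic. The names `serve_client` and `HANDSHAKE_OK` are hypothetical, the socketpairs are constructed stand-ins for virsh and libvirtd, and it is an assumption (not confirmed by the thread) that the rest of the stream can be relayed unchanged to the plaintext port.

```python
import socket
import threading

# The single byte virsh waits for once the TLS handshake is done (per the reply above).
HANDSHAKE_OK = b"\x01"

def _pump(src, dst):
    """Copy src -> dst until EOF or error, then tear down both directions."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)  # wakes the opposite pump
            except OSError:
                pass

def serve_client(client, backend):
    """client: socket whose TLS handshake has completed (e.g. an ssl.SSLSocket).
    backend: plain TCP socket to the unencrypted libvirtd port (assumed relayable)."""
    client.sendall(HANDSHAKE_OK)  # must reach the client before any backend data
    back = threading.Thread(target=_pump, args=(backend, client), daemon=True)
    back.start()
    _pump(client, backend)
    back.join()
    client.close()
    backend.close()

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n and (part := sock.recv(n - len(buf))):
        buf += part
    return buf

def demo():
    """Constructed stand-ins: socketpairs replace the TLS client and libvirtd."""
    virsh_side, shim_client = socket.socketpair()
    shim_backend, libvirtd_side = socket.socketpair()
    worker = threading.Thread(target=serve_client, args=(shim_client, shim_backend))
    worker.start()
    first = _read_exact(virsh_side, 1)
    virsh_side.sendall(b"constructed-request")
    to_backend = _read_exact(libvirtd_side, 19)
    libvirtd_side.sendall(b"constructed-reply")
    to_client = _read_exact(virsh_side, 17)
    virsh_side.close()
    worker.join()
    libvirtd_side.close()
    return first, to_backend, to_client
```

The shim sends the byte unconditionally, so any client-certificate check has to be enforced by the TLS terminator in front of it.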