On 9 Dec 2024, at 17:38, Ilya Maximets wrote:
> SSL protocol family is not actually being used or supported in OVS.
> What we use is actually TLS.
>
> Terms "SSL" and "TLS" are often used interchangeably in modern
> software and refer to the same thing, which is normally just TLS.
>
> Let's replace "SSL" with "SSL/TLS" in documentation and user-visible
> messages, where it makes sense. This may make it more clear what
> is meant for a less experienced user that may look for TLS support
> in OVS and not find much.
>
> We're not changing any actual code, because, for example, most of
> OpenSSL APIs are using just SSL, for historical reasons. And our
> database is using "SSL" table. We may consider migrating to "TLS"
> naming for user-visible configuration like command line arguments
> and database names, but that will require extra work on making sure
> upgrades can still work. In general, a slightly more clear
> documentation should be enough for now, especially since term SSL
> is still widely used in the industry.
>
> "SSL/TLS" is chosen over "TLS/SSL" simply because our user-visible
> configuration knobs are using "SSL" naming, e.g. '--ssl-cyphers'
> or 'ovs-vsctl set-ssl'. So, it might be less confusing this way.
> We may switch that, if we decide on re-working the user-visible
> commands towards "TLS" naming, or providing both alternatives.
>
> Some other projects did similar changes. For example, the python ssl
> library is now using "TLS/SSL" in the documentation whenever possible.
> Same goes for OpenSSL itself.
>
> Signed-off-by: Ilya Maximets <[email protected]>
Patchwork did not like the cover letter ACK, so will ack them individually.
Acked-by: Eelco Chaudron <[email protected]>
PS: This was a never-ending patch ;)
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
