Daniel P. Berrange wrote:
For the libvirtd we currently use two ports 16509 - TCP unencrypted stream 16514 - TLS encrypted stream My first thought is that we should really use consequetive port numbers eg 16510 and 16511.
A few comments ...We don't need to use two ports if we either use a "STARTTLS"-style upgrading of unencrypted to encrypted connections (which is the recommended way to do things instead of using two ports), or more simply we just ditch unencrypted connections. They're disabled by default anyway and not in any way required unless we want libvirt to build without GnuTLS.
The port number (16514) is not allocated by IANA, which is good.IANA registration is a good thing because it makes it less likely that libvirtd will fail to start because some other service is using that port.
No one got my ZX81 joke, obviously ... Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature