[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] How to change/set preferred SSL cipher suite for relocation (migration)?

On 12/16/15, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote:
> On Wed, 2015-12-16 at 01:01 +0330, Alireza Vaezi wrote:
>> I'm using Xen 4.4.2 and I need to be able to change or set my preferred
>> (available) ssl cipher suit like RC4-SHA, orÂDES-CBC-SHA , etc. to be
>> further used in relocation/migration of domU via ssl.
>> I suppose I need to make changes in Xen's source code and make-install it
>> again, yet I don't know where to go and what to change.
> Despite appearances this is really a question for xen-users.
> "xl migrate" just uses ssh, so you can write whatever options you want into
> .ssh/config, including per destination host parameters or whatever.
> There is also the -s option which gives a command which is called instead
> of ssh, it gets given the $desthost and the command to run there ("xl
> migrate-receive [options]") and can use whatever transport it likes to make
> that happen (custom ssh command, talking to a custom daemon on the remote
> end, etc).
> Ian.

I should have said this before.
I'm finishing my masters of Computer
Networks and for my research I need to compare the behavior of
different security measures available, - such as protocols like SSH,
SSL, IPSEC, etc.and the confidentiality they provide via encryption
algorithms such as AES, DES, Blowfish, RC4 , etc. - for live migration.

Due to the lack of example about using the -s option and the very VERY
brief description on xen xl's man page about the -s :
-s sshcommand
               Use <sshcommand> instead of ssh.  String will be passed to sh.
               If empty, run <host> instead of ssh <host> xl migrate-receive
               [-d -e].
I needed to know either exactly how I could merely use the -s option to achieve
my goal or to be able to actually modify xen's source code and put the
ability to send migration data through, using SSL, and being able to
choose which cipher to use. The former (using the -s options) must be
far less complex than the latter. so I'd rather now how it could be
used in my case, than changing the source code. But if custom coding
is the only way, then I have and will do it.

This i why I emailed xen-devel for this and because I seriously need
to solve the problem.

So which can do the job for me?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.