Implement TLS mutual authentication to improve security
Fuel currently protects access to its API endpoints with basic authentication only: the caller must supply a valid username and password.
Since the Python OpenStack clients implement TLS mutual authentication, it is highly desirable to add an additional layer of security and require both communication endpoints to authenticate each other.
Note that this greatly improves OpenStack security and partially implements the 'multi-factor' requirement, since a username and password must be used along with a TLS certificate to connect successfully to an API endpoint.
TLS mutual authentication also reduces the potential impact of a DoS attack, since all connections that do not supply an appropriate TLS certificate are dropped immediately by HAProxy.
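A sketch of how HAProxy could enforce the behaviour described above, shown as the current server-only TLS listener (commented out) beside a mutual-TLS one. This is an added example, not configuration from Fuel or from this blueprint; the port, file paths, header name and backend name and address are assumptions.

```haproxy
# Added example: every path, port and name below is an assumption,
# not Fuel's actual layout.

global
    # Refuse legacy protocol versions on every TLS bind line.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Before: server-only TLS. Any client can complete the handshake, so the
# username/password check is the only barrier in front of the API.
#
# frontend fuel_api
#     bind :8443 ssl crt /etc/haproxy/certs/fuel-api.pem
#     default_backend nailgun

# After: mutual TLS.
frontend fuel_api
    # crt             server certificate and key presented to clients
    # ca-file         CA allowed to issue client certificates
    # crl-file        revoked client certificates are rejected
    # verify required the handshake is aborted when the client sends no
    #                 certificate or one that does not chain to ca-file,
    #                 so no HTTP request from it is ever parsed
    bind :8443 ssl crt /etc/haproxy/certs/fuel-api.pem ca-file /etc/haproxy/certs/client-ca.pem crl-file /etc/haproxy/certs/client-ca.crl verify required

    # set-header replaces any copy of this header sent by the client, so
    # the backend can trust it as the verified certificate subject CN.
    http-request set-header X-SSL-Client-CN %[ssl_c_s_dn(cn)]

    default_backend nailgun

backend nailgun
    # The API service still performs its own username/password check.
    server api1 127.0.0.1:8000 check
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.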
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Adam Heczko
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by