https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/NETCONF-1205 netconf <p>Current <b>odl-netconf-device</b> model (and <b>netconf-node-topology</b> as result) provides no configuration option which defines which private key and trusted certificate to be used by SslHandler when establishing TLS connection. In fact SslHandler is built using a KeyStore instance containing all the private keys and all the trusted certificates which are currently defined in a datastore.</p> <p>More entries are defined in datastore the larger SslHandler instance became, the longer handshake procedure may take. Using same set of keys and certificates for any TLS device may also cause in issue when single un-parseable entry results every TLS device connection failure as described in <a href="https://jira.opendaylight.org/browse/NETCONF-821" title="Mounting a device does not work when multiple TLS Certificates are present " class="issue-link" data-issue-key="NETCONF-821">NETCONF-821</a></p> <p>In order to lightweight SslHandler instance, making handshake faster, configuration more clear and transparent it seems reasonable to provide per device TLS options.</p> <p>Suggested following configuration options under TLS container (connection-parameters grouping):</p> <ul> <li>leaf-list private-key-id &#8211; private key ids</li> <li>leaf-list trusted-certificate-id &#8211; trusted certificate ids</li> </ul> <p>Both expected to be optional and act as filter if defined, full set to be used if undefined</p> NETCONF-1205

Support private keys and trusted certificates configuration on per TLS device basis

Improvement Medium Open Unresolved Unassigned Ruslan Kashapov Tue, 5 Dec 2023 15:21:47 +0000 Tue, 5 Dec 2023 15:21:47 +0000 netconf-client-mdsal netconf-topology 0 1 Relates NETCONF-821 Development Rank 0|i046xj: