How to change/set preferred SSL cipher suite for relocation (migration)?

How to change/set preferred SSL cipher suite for relocation (migration)?

[Alireza Vaezi]

[-- Attachment #1.1: Type: text/plain, Size: 382 bytes --]

I'm using Xen 4.4.2 and I need to be able to change or set my preferred
(available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
further used in relocation/migration of domU via ssl.

I suppose I need to make changes in Xen's source code and make-install it
again, yet I don't know where to go and what to change.

I would really appreciate a little help.

S.Alireza.V

[-- Attachment #1.2: Type: text/html, Size: 548 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: How to change/set preferred SSL cipher suite for relocation (migration)?

[Ian Campbell]

On Wed, 2015-12-16 at 01:01 +0330, Alireza Vaezi wrote:
> I'm using Xen 4.4.2 and I need to be able to change or set my preferred
> (available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
> further used in relocation/migration of domU via ssl.
> 
> I suppose I need to make changes in Xen's source code and make-install it
> again, yet I don't know where to go and what to change. 

Despite appearances this is really a question for xen-users.

"xl migrate" just uses ssh, so you can write whatever options you want into
.ssh/config, including per destination host parameters or whatever.

There is also the -s option which gives a command which is called instead
of ssh, it gets given the $desthost and the command to run there ("xl
migrate-receive [options]") and can use whatever transport it likes to make
that happen (custom ssh command, talking to a custom daemon on the remote
end, etc).

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: How to change/set preferred SSL cipher suite for relocation (migration)?

[Alireza Vaezi]

On 12/16/15, Ian Campbell <ian.campbell@citrix.com> wrote:
> On Wed, 2015-12-16 at 01:01 +0330, Alireza Vaezi wrote:
>> I'm using Xen 4.4.2 and I need to be able to change or set my preferred
>> (available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
>> further used in relocation/migration of domU via ssl.
>>
>> I suppose I need to make changes in Xen's source code and make-install it
>> again, yet I don't know where to go and what to change.
>
> Despite appearances this is really a question for xen-users.
>
> "xl migrate" just uses ssh, so you can write whatever options you want into
> .ssh/config, including per destination host parameters or whatever.
>
> There is also the -s option which gives a command which is called instead
> of ssh, it gets given the $desthost and the command to run there ("xl
> migrate-receive [options]") and can use whatever transport it likes to make
> that happen (custom ssh command, talking to a custom daemon on the remote
> end, etc).
>
> Ian.
>

I should have said this before.
I'm finishing my masters of Computer
Networks and for my research I need to compare the behavior of
different security measures available, - such as protocols like SSH,
SSL, IPSEC, etc.and the confidentiality they provide via encryption
algorithms such as AES, DES, Blowfish, RC4 , etc. - for live migration.

Due to the lack of example about using the -s option and the very VERY
brief description on xen xl's man page about the -s :
-s sshcommand
               Use <sshcommand> instead of ssh.  String will be passed to sh.
               If empty, run <host> instead of ssh <host> xl migrate-receive
               [-d -e].
I needed to know either exactly how I could merely use the -s option to achieve
my goal or to be able to actually modify xen's source code and put the
ability to send migration data through, using SSL, and being able to
choose which cipher to use. The former (using the -s options) must be
far less complex than the latter. so I'd rather now how it could be
used in my case, than changing the source code. But if custom coding
is the only way, then I have and will do it.

This i why I emailed xen-devel for this and because I seriously need
to solve the problem.

So which can do the job for me?

-- 
S.Alireza.V

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: How to change/set preferred SSL cipher suite for relocation (migration)?

[Ian Campbell]

On Thu, 2015-12-17 at 01:52 +0330, Alireza Vaezi wrote:
> On 12/16/15, Ian Campbell <ian.campbell@citrix.com> wrote:
> > On Wed, 2015-12-16 at 01:01 +0330, Alireza Vaezi wrote:
> > > I'm using Xen 4.4.2 and I need to be able to change or set my
> > > preferred
> > > (available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
> > > further used in relocation/migration of domU via ssl.
> > > 
> > > I suppose I need to make changes in Xen's source code and make-
> > > install it
> > > again, yet I don't know where to go and what to change.
> > 
> > Despite appearances this is really a question for xen-users.
> > 
> > "xl migrate" just uses ssh, so you can write whatever options you want
> > into
> > .ssh/config, including per destination host parameters or whatever.
> > 
> > There is also the -s option which gives a command which is called
> > instead
> > of ssh, it gets given the $desthost and the command to run there ("xl
> > migrate-receive [options]") and can use whatever transport it likes to
> > make
> > that happen (custom ssh command, talking to a custom daemon on the
> > remote
> > end, etc).
> > 
> > Ian.
> > 
> 
> I should have said this before.
> I'm finishing my masters of Computer
> Networks and for my research I need to compare the behavior of
> different security measures available, - such as protocols like SSH,
> SSL, IPSEC, etc.and the confidentiality they provide via encryption
> algorithms such as AES, DES, Blowfish, RC4 , etc. - for live migration.
> 
> Due to the lack of example about using the -s option and the very VERY
> brief description on xen xl's man page about the -s :
> -s sshcommand
>                Use <sshcommand> instead of ssh.  String will be passed to
> sh.
>                If empty, run <host> instead of ssh <host> xl migrate-
> receive
>                [-d -e].
> I needed to know either exactly how I could merely use the -s option to
> achieve
> my goal or to be able to actually modify xen's source code and put the
> ability to send migration data through, using SSL, and being able to
> choose which cipher to use. The former (using the -s options) must be
> far less complex than the latter. so I'd rather now how it could be
> used in my case, than changing the source code. But if custom coding
> is the only way, then I have and will do it.
> 
> This i why I emailed xen-devel for this and because I seriously need
> to solve the problem.
> 
> So which can do the job for me?

I believe xl migrate -s will suite your needs.

I suggest you give it a go and take a look at the code in
tools/libxl/xl_cmdimpl.c if the docs are insufficient. If nothing else you
can start with a script with just "echo $@" and take it from there.

Once you've worked it out then a patch to improve the docs would be much
appreciated.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

How to change/set preferred SSL cipher suite for relocation (migration)?

[Alireza Vaezi]

[-- Attachment #1.1: Type: text/plain, Size: 369 bytes --]

I'm using Xen 4.4.2 and I need to be able to change or set my preferred
(available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
further used in relocation/migration of domU via ssl.

I suppose I need to make changes in Xen's source code and make-install it
again, yet I don't know where to go and what to change.

I would really appreciate a little help.

[-- Attachment #1.2: Type: text/html, Size: 546 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

How to change/set preferred SSL cipher suite for relocation (migration)?

[Alireza Vaezi]

[-- Attachment #1.1: Type: text/plain, Size: 369 bytes --]

I'm using Xen 4.4.2 and I need to be able to change or set my preferred
(available) ssl cipher suit like RC4-SHA, or DES-CBC-SHA , etc. to be
further used in relocation/migration of domU via ssl.

I suppose I need to make changes in Xen's source code and make-install it
again, yet I don't know where to go and what to change.

I would really appreciate a little help.

[-- Attachment #1.2: Type: text/html, Size: 546 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel