aboutsummaryrefslogtreecommitdiffstats
path: root/docs/releasenotes/releasenotes.rst
diff options
context:
space:
mode:
authorMatthieu Geerebaert <matthieu.geerebaert@orange.com>2019-05-10 16:45:37 +0200
committerMatthieu Geerebaert <matthieu.geerebaert@orange.com>2019-05-15 12:39:38 +0200
commit082be1a805d268bb4ae01dc75a8e63da082504ac (patch)
tree24ee18fadb9b8e9ee8e0d0b265a7674a790d4d9f /docs/releasenotes/releasenotes.rst
parent4e864e25383896e6a04d608b86fed31c23b7f3cf (diff)
Document Release note, vulnerabilty section, exposing only a non https API
Add HTTP/HTTPS relative warning in Security Notes section Change-Id: I3fafdcd376fd58a9ad4fcf980cd74707e0799ebe Issue-ID: EXTAPI-238 Signed-off-by: MatthieuGeerebaert <matthieu.geerebaert@orange.com>
Diffstat (limited to 'docs/releasenotes/releasenotes.rst')
-rwxr-xr-xdocs/releasenotes/releasenotes.rst27
1 files changed, 23 insertions, 4 deletions
diff --git a/docs/releasenotes/releasenotes.rst b/docs/releasenotes/releasenotes.rst
index 99dc838..5b656b6 100755
--- a/docs/releasenotes/releasenotes.rst
+++ b/docs/releasenotes/releasenotes.rst
@@ -38,14 +38,33 @@ Many other changes and improvement are listed in JIRA:
**Known Issues**
- `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB`
-
-Will be fixed in the next release El Alto
+- `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS`
**Security Notes**
-NBI still exposes non TLS API endpoint. TLS will be proposed in next the release, El Alto.
+NBI has been improved to reduce signs of vulnerabilities,
+especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
+
+Warning: NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
+TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
+
+As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
+Presuming you have a valid JKS keystore, with private key and a signed certificate:
+
+::
+
+ src/main/resources/application.properties
+
+::
+
+ # tls/ssl
+ server.ssl.key-store-type=JKS
+ server.ssl.key-store=classpath:certificate/yourkeystore.jks
+ server.ssl.key-store-password=password
+ server.ssl.key-alias=youralias
-NBI has been improved to reduce signs of vulnerabilities, especially by migrating from Springboot 1.x to Springboot 2 and using the ONAP Parent pom.xml
+ # disable http and activate https
+ security.require-ssl=true
- `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_