aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xdocs/releasenotes/releasenotes.rst27
1 files changed, 23 insertions, 4 deletions
diff --git a/docs/releasenotes/releasenotes.rst b/docs/releasenotes/releasenotes.rst
index 99dc838..5b656b6 100755
--- a/docs/releasenotes/releasenotes.rst
+++ b/docs/releasenotes/releasenotes.rst
@@ -38,14 +38,33 @@ Many other changes and improvement are listed in JIRA:
**Known Issues**
- `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB`
-
-Will be fixed in the next release El Alto
+- `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS`
**Security Notes**
-NBI still exposes non TLS API endpoint. TLS will be proposed in next the release, El Alto.
+NBI has been improved to reduce signs of vulnerabilities,
+especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
+
+Warning: NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
+TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
+
+As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
+Presuming you have a valid JKS keystore, with private key and a signed certificate:
+
+::
+
+ src/main/resources/application.properties
+
+::
+
+ # tls/ssl
+ server.ssl.key-store-type=JKS
+ server.ssl.key-store=classpath:certificate/yourkeystore.jks
+ server.ssl.key-store-password=password
+ server.ssl.key-alias=youralias
-NBI has been improved to reduce signs of vulnerabilities, especially by migrating from Springboot 1.x to Springboot 2 and using the ONAP Parent pom.xml
+ # disable http and activate https
+ security.require-ssl=true
- `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_