diff --git a/src/main/java/net/floodlightcontroller/core/internal/OFChannelHandler.java b/src/main/java/net/floodlightcontroller/core/internal/OFChannelHandler.java
index ca76c6af55d27536b3741538e47d8a86056d73d3..932d522e7e23910d88ec44b47112ef8858e55970 100644
--- a/src/main/java/net/floodlightcontroller/core/internal/OFChannelHandler.java
+++ b/src/main/java/net/floodlightcontroller/core/internal/OFChannelHandler.java
@@ -587,6 +587,10 @@ class OFChannelHandler extends IdleStateAwareChannelHandler {
} else if (e.getCause() instanceof RejectedExecutionException) {
log.warn("Could not process message: queue full");
counters.rejectedExecutionException.increment();
+ } else if (e.getCause() instanceof IllegalArgumentException) {
+ log.error("Could not decode OpenFlow protocol version from switch {}. Perhaps the switch is trying to use SSL and the controller is not (or vice versa)? {}", getConnectionInfoString(), e.getCause());
+ counters.switchSslConfigurationError.increment();
+ ctx.getChannel().close();
} else {
log.error("Error while processing message from switch "
+ getConnectionInfoString()
diff --git a/src/main/java/net/floodlightcontroller/core/internal/OFSwitchManager.java b/src/main/java/net/floodlightcontroller/core/internal/OFSwitchManager.java
index dc248c074803969e8c5cb0d409ac700d26e1166d..1f4ff7503d7925fb32e581b62dddcbde724c6e13 100644
--- a/src/main/java/net/floodlightcontroller/core/internal/OFSwitchManager.java
+++ b/src/main/java/net/floodlightcontroller/core/internal/OFSwitchManager.java
@@ -90,10 +90,13 @@ public class OFSwitchManager implements IOFSwitchManager, INewOFConnectionListen
private IStoreClient<DatapathId, SwitchSyncRepresentation> storeClient;
public static final String SWITCH_SYNC_STORE_NAME = OFSwitchManager.class.getCanonicalName() + ".stateStore";
+ private static String keyStorePassword;
+ private static String keyStore;
+ private static boolean useSsl = false;
private ConcurrentHashMap<DatapathId, OFSwitchHandshakeHandler> switchHandlers;
private ConcurrentHashMap<DatapathId, IOFSwitchBackend> switches;
- private ConcurrentHashMap<DatapathId, IOFSwitch> syncedSwitches;
+ private ConcurrentHashMap<DatapathId, IOFSwitch> syncedSwitches;
private ISwitchDriverRegistry driverRegistry;
@@ -631,7 +634,7 @@ public class OFSwitchManager implements IOFSwitchManager, INewOFConnectionListen
// Module variables
switchHandlers = new ConcurrentHashMap<DatapathId, OFSwitchHandshakeHandler>();
switches = new ConcurrentHashMap<DatapathId, IOFSwitchBackend>();
- syncedSwitches = new ConcurrentHashMap<DatapathId, IOFSwitch>();
+ syncedSwitches = new ConcurrentHashMap<DatapathId, IOFSwitch>();
floodlightProvider.getTimer();
counters = new SwitchManagerCounters(debugCounterService);
driverRegistry = new NaiveSwitchDriverRegistry(this);
@@ -649,6 +652,36 @@ public class OFSwitchManager implements IOFSwitchManager, INewOFConnectionListen
throw new FloodlightModuleException("Error while setting up sync store client", e);
} */
+ /*
+ * Get SSL config.
+ *
+ * If a password is blank, the password field may or may not be specified.
+ * If it is specified, an empty string will be expected for blank.
+ *
+ * The path MUST be specified if SSL is enabled.
+ */
+ Map<String, String> configParams = context.getConfigParams(this);
+ String path = configParams.get("keyStorePath");
+ String pass = configParams.get("keyStorePassword");
+ String useSsl = configParams.get("useSsl");
+
+ if (useSsl == null || path == null || path.isEmpty() ||
+ (!useSsl.equalsIgnoreCase("yes") && !useSsl.equalsIgnoreCase("true") &&
+ !useSsl.equalsIgnoreCase("yep") && !useSsl.equalsIgnoreCase("ja") &&
+ !useSsl.equalsIgnoreCase("stimmt")
+ )
+ ) {
+ log.warn("SSL disabled. Using unsecure connections between Floodlight and switches.");
+ OFSwitchManager.useSsl = false;
+ OFSwitchManager.keyStore = null;
+ OFSwitchManager.keyStorePassword = null;
+ } else {
+ log.warn("SSL enabled. Using secure connections between Floodlight and switches.");
+ log.info("SSL keystore path: {}, password: {}", path, (pass == null ? "" : pass));
+ OFSwitchManager.useSsl = true;
+ OFSwitchManager.keyStore = path;
+ OFSwitchManager.keyStorePassword = (pass == null ? "" : pass);
+ }
}
@Override
@@ -687,8 +720,9 @@ public class OFSwitchManager implements IOFSwitchManager, INewOFConnectionListen
bootstrap.setOption("child.tcpNoDelay", true);
bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE);
- ChannelPipelineFactory pfact =
- new OpenflowPipelineFactory(this, floodlightProvider.getTimer(), this, debugCounterService);
+ ChannelPipelineFactory pfact = useSsl ? new OpenflowPipelineFactory(this, floodlightProvider.getTimer(), this, debugCounterService, keyStore, keyStorePassword) :
+ new OpenflowPipelineFactory(this, floodlightProvider.getTimer(), this, debugCounterService);
+
bootstrap.setPipelineFactory(pfact);
InetSocketAddress sa = new InetSocketAddress(floodlightProvider.getOFPort());
final ChannelGroup cg = new DefaultChannelGroup();
@@ -805,60 +839,60 @@ public class OFSwitchManager implements IOFSwitchManager, INewOFConnectionListen
switchAddedToStore(sw);
}
}
-
+
+ /**
+ * Called when we receive a store notification about a switch that
+ * has been removed from the sync store
+ * @param dpid
+ */
+ private synchronized void switchRemovedFromStore(DatapathId dpid) {
+ if (floodlightProvider.getRole() != HARole.STANDBY) {
+ return; // only read from store if slave
+ }
+ IOFSwitch oldSw = syncedSwitches.remove(dpid);
+ if (oldSw != null) {
+ addUpdateToQueue(new SwitchUpdate(dpid, SwitchUpdateType.REMOVED));
+ } else {
+ // TODO: the switch was deleted (tombstone) before we ever
+ // knew about it (or was deleted repeatedly). Can this
+ // happen? When/how?
+ }
+ }
+
/**
- * Called when we receive a store notification about a switch that
- * has been removed from the sync store
- * @param dpid
- */
- private synchronized void switchRemovedFromStore(DatapathId dpid) {
- if (floodlightProvider.getRole() != HARole.STANDBY) {
- return; // only read from store if slave
- }
- IOFSwitch oldSw = syncedSwitches.remove(dpid);
- if (oldSw != null) {
- addUpdateToQueue(new SwitchUpdate(dpid, SwitchUpdateType.REMOVED));
- } else {
- // TODO: the switch was deleted (tombstone) before we ever
- // knew about it (or was deleted repeatedly). Can this
- // happen? When/how?
- }
- }
-
- /**
- * Called when we receive a store notification about a new or updated
- * switch.
- * @param sw
- */
- private synchronized void switchAddedToStore(IOFSwitch sw) {
- if (floodlightProvider.getRole() != HARole.STANDBY) {
- return; // only read from store if slave
- }
- DatapathId dpid = sw.getId();
-
- IOFSwitch oldSw = syncedSwitches.put(dpid, sw);
- if (oldSw == null) {
- addUpdateToQueue(new SwitchUpdate(dpid, SwitchUpdateType.ADDED));
- } else {
- // The switch already exists in storage, see if anything
- // has changed
- sendNotificationsIfSwitchDiffers(oldSw, sw);
- }
- }
-
- /**
- * Check if the two switches differ in their ports or in other
- * fields and if they differ enqueue a switch update
- * @param oldSw
- * @param newSw
- */
- private synchronized void sendNotificationsIfSwitchDiffers(IOFSwitch oldSw, IOFSwitch newSw) {
- /*TODO @Ryan Collection<PortChangeEvent> portDiffs = oldSw.comparePorts(newSw.getPorts());
+ * Called when we receive a store notification about a new or updated
+ * switch.
+ * @param sw
+ */
+ private synchronized void switchAddedToStore(IOFSwitch sw) {
+ if (floodlightProvider.getRole() != HARole.STANDBY) {
+ return; // only read from store if slave
+ }
+ DatapathId dpid = sw.getId();
+
+ IOFSwitch oldSw = syncedSwitches.put(dpid, sw);
+ if (oldSw == null) {
+ addUpdateToQueue(new SwitchUpdate(dpid, SwitchUpdateType.ADDED));
+ } else {
+ // The switch already exists in storage, see if anything
+ // has changed
+ sendNotificationsIfSwitchDiffers(oldSw, sw);
+ }
+ }
+
+ /**
+ * Check if the two switches differ in their ports or in other
+ * fields and if they differ enqueue a switch update
+ * @param oldSw
+ * @param newSw
+ */
+ private synchronized void sendNotificationsIfSwitchDiffers(IOFSwitch oldSw, IOFSwitch newSw) {
+ /*TODO @Ryan Collection<PortChangeEvent> portDiffs = oldSw.comparePorts(newSw.getPorts());
for (PortChangeEvent ev: portDiffs) {
SwitchUpdate update = new SwitchUpdate(newSw.getId(),
SwitchUpdateType.PORTCHANGED,
ev.port, ev.type);
addUpdateToQueue(update);
}*/
- }
+ }
}
diff --git a/src/main/java/net/floodlightcontroller/core/internal/OpenflowPipelineFactory.java b/src/main/java/net/floodlightcontroller/core/internal/OpenflowPipelineFactory.java
index 23f3f01413dbf4926f431ae7ce113f11ef39310f..7dbcbf32eb6869671a4859fed538986016ef1092 100644
--- a/src/main/java/net/floodlightcontroller/core/internal/OpenflowPipelineFactory.java
+++ b/src/main/java/net/floodlightcontroller/core/internal/OpenflowPipelineFactory.java
@@ -1,29 +1,44 @@
/**
-* Copyright 2011, Big Switch Networks, Inc.
-* Originally created by David Erickson, Stanford University
-*
-* Licensed under the Apache License, Version 2.0 (the "License"); you may
-* not use this file except in compliance with the License. You may obtain
-* a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-* License for the specific language governing permissions and limitations
-* under the License.
-**/
+ * Copyright 2011, Big Switch Networks, Inc.
+ * Originally created by David Erickson, Stanford University
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ **/
package net.floodlightcontroller.core.internal;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.annotation.Nonnull;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.Channels;
+import org.jboss.netty.handler.ssl.SslHandler;
import org.jboss.netty.handler.timeout.IdleStateHandler;
import org.jboss.netty.handler.timeout.ReadTimeoutHandler;
import org.jboss.netty.util.ExternalResourceReleasable;
import org.jboss.netty.util.Timer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import net.floodlightcontroller.debugcounter.IDebugCounterService;
/**
@@ -31,92 +46,153 @@ import net.floodlightcontroller.debugcounter.IDebugCounterService;
* @author readams, sovietaced
*/
public class OpenflowPipelineFactory
- implements ChannelPipelineFactory, ExternalResourceReleasable {
-
- protected IOFSwitchManager switchManager;
- protected INewOFConnectionListener connectionListener;
- protected Timer timer;
- protected IdleStateHandler idleHandler;
- protected ReadTimeoutHandler readTimeoutHandler;
- protected IDebugCounterService debugCounters;
-
- public OpenflowPipelineFactory(IOFSwitchManager switchManager, Timer timer,
- INewOFConnectionListener connectionListener,
- IDebugCounterService debugCounters) {
- super();
- this.switchManager = switchManager;
- this.connectionListener = connectionListener;
- this.timer = timer;
- this.debugCounters = debugCounters;
- this.idleHandler = new IdleStateHandler(
- timer,
- PipelineIdleReadTimeout.MAIN,
- PipelineIdleWriteTimeout.MAIN,
- 0);
- this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30);
- }
-
- @Override
- public ChannelPipeline getPipeline() throws Exception {
- ChannelPipeline pipeline = Channels.pipeline();
- OFChannelHandler handler = new OFChannelHandler(switchManager,
- connectionListener,
- pipeline,
- debugCounters,
- timer);
-
- pipeline.addLast(PipelineHandler.OF_MESSAGE_DECODER,
- new OFMessageDecoder());
- pipeline.addLast(PipelineHandler.OF_MESSAGE_ENCODER,
- new OFMessageEncoder());
- pipeline.addLast(PipelineHandler.MAIN_IDLE, idleHandler);
- pipeline.addLast(PipelineHandler.READ_TIMEOUT, readTimeoutHandler);
- pipeline.addLast(PipelineHandler.CHANNEL_HANDSHAKE_TIMEOUT,
- new HandshakeTimeoutHandler(
- handler,
- timer,
- PipelineHandshakeTimeout.CHANNEL));
- pipeline.addLast(PipelineHandler.CHANNEL_HANDLER, handler);
- return pipeline;
- }
-
- @Override
- public void releaseExternalResources() {
- timer.stop();
- }
-
- public static class PipelineHandler {
- final static String CHANNEL_HANDSHAKE_TIMEOUT = "channelhandshaketimeout";
- final static String SWITCH_HANDSHAKE_TIMEOUT = "switchhandshaketimeout";
- final static String CHANNEL_HANDLER = "channelhandler";
- final static String MAIN_IDLE = "mainidle";
- final static String AUX_IDLE = "auxidle";
- final static String OF_MESSAGE_DECODER = "ofmessagedecoder";
- final static String OF_MESSAGE_ENCODER = "ofmessageencoder";
- final static String READ_TIMEOUT = "readtimeout";
- }
-
- /**
- * Timeouts for parts of the handshake, in seconds
- */
- public static class PipelineHandshakeTimeout {
- final static int CHANNEL = 10;
- final static int SWITCH = 30;
- }
-
- /**
- * Timeouts for writes on connections, in seconds
- */
- public static class PipelineIdleWriteTimeout {
- final static int MAIN = 2;
- final static int AUX = 15;
- }
-
- /**
- * Timeouts for reads on connections, in seconds
- */
- public static class PipelineIdleReadTimeout {
- final static int MAIN = 3 * PipelineIdleWriteTimeout.MAIN;
- final static int AUX = 3 * PipelineIdleWriteTimeout.AUX;
- }
+implements ChannelPipelineFactory, ExternalResourceReleasable {
+ private static final Logger log = LoggerFactory.getLogger(OpenflowPipelineFactory.class);
+ protected IOFSwitchManager switchManager;
+ protected INewOFConnectionListener connectionListener;
+ protected Timer timer;
+ protected IdleStateHandler idleHandler;
+ protected ReadTimeoutHandler readTimeoutHandler;
+ protected IDebugCounterService debugCounters;
+ private String keyStore;
+ private String keyStorePassword;
+
+ private void init(IOFSwitchManager switchManager, Timer timer,
+ INewOFConnectionListener connectionListener,
+ IDebugCounterService debugCounters) {
+ this.switchManager = switchManager;
+ this.connectionListener = connectionListener;
+ this.timer = timer;
+ this.debugCounters = debugCounters;
+ this.idleHandler = new IdleStateHandler(
+ timer,
+ PipelineIdleReadTimeout.MAIN,
+ PipelineIdleWriteTimeout.MAIN,
+ 0);
+ this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30);
+ }
+
+ public OpenflowPipelineFactory(IOFSwitchManager switchManager, Timer timer,
+ INewOFConnectionListener connectionListener,
+ IDebugCounterService debugCounters) {
+ super();
+ init(switchManager,timer, connectionListener, debugCounters);
+ this.keyStore = null;
+ this.keyStorePassword = null;
+ }
+
+ public OpenflowPipelineFactory(IOFSwitchManager switchManager, Timer timer,
+ INewOFConnectionListener connectionListener,
+ IDebugCounterService debugCounters,
+ @Nonnull String keyStore, @Nonnull String keyStorePassword) {
+ super();
+ init(switchManager,timer, connectionListener, debugCounters);
+ this.keyStore = keyStore;
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ @Override
+ public ChannelPipeline getPipeline() throws Exception {
+ ChannelPipeline pipeline = Channels.pipeline();
+ OFChannelHandler handler = new OFChannelHandler(switchManager,
+ connectionListener,
+ pipeline,
+ debugCounters,
+ timer);
+
+ if (keyStore != null && keyStorePassword != null) {
+ try {
+ /* Set up factories and stores. */
+ TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore tmpKS = null;
+ tmFactory.init(tmpKS);
+
+ /* Use keystore/pass defined in properties file. */
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, keyStorePassword.toCharArray());
+
+ KeyManager[] km = kmf.getKeyManagers();
+ TrustManager[] tm = tmFactory.getTrustManagers();
+
+ /* Set up SSL prereqs for Netty. */
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(km, tm, null);
+ SSLEngine sslEngine = sslContext.createSSLEngine();
+
+ /* We are the server and we will create secure sessions. */
+ sslEngine.setUseClientMode(false);
+ sslEngine.setEnableSessionCreation(true);
+
+ /* These are redundant (default), but for clarity... */
+ sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
+ sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
+
+ /* First, decrypt w/handler+engine; then, proceed with rest of handlers. */
+ pipeline.addLast(PipelineHandler.SSL_TLS_ENCODER_DECODER, new SslHandler(sslEngine));
+ log.info("SSL OpenFlow socket initialized and handler ready for switch.");
+ } catch (Exception e) { /* There are lots of possible exceptions to catch, so this should get them all. */
+ log.error("Exception initializing SSL OpenFlow socket: {}", e.getMessage());
+ throw e; /* If we wanted secure but didn't get it, we should bail. */
+ }
+ }
+
+ /* SSL handler will have been added first if we're using it. */
+ pipeline.addLast(PipelineHandler.OF_MESSAGE_DECODER,
+ new OFMessageDecoder());
+ pipeline.addLast(PipelineHandler.OF_MESSAGE_ENCODER,
+ new OFMessageEncoder());
+ pipeline.addLast(PipelineHandler.MAIN_IDLE, idleHandler);
+ pipeline.addLast(PipelineHandler.READ_TIMEOUT, readTimeoutHandler);
+ pipeline.addLast(PipelineHandler.CHANNEL_HANDSHAKE_TIMEOUT,
+ new HandshakeTimeoutHandler(
+ handler,
+ timer,
+ PipelineHandshakeTimeout.CHANNEL));
+ pipeline.addLast(PipelineHandler.CHANNEL_HANDLER, handler);
+ return pipeline;
+ }
+
+ @Override
+ public void releaseExternalResources() {
+ timer.stop();
+ }
+
+ public static class PipelineHandler {
+ final static String CHANNEL_HANDSHAKE_TIMEOUT = "channelhandshaketimeout";
+ final static String SWITCH_HANDSHAKE_TIMEOUT = "switchhandshaketimeout";
+ final static String CHANNEL_HANDLER = "channelhandler";
+ final static String MAIN_IDLE = "mainidle";
+ final static String AUX_IDLE = "auxidle";
+ final static String OF_MESSAGE_DECODER = "ofmessagedecoder";
+ final static String OF_MESSAGE_ENCODER = "ofmessageencoder";
+ final static String READ_TIMEOUT = "readtimeout";
+ final static String SSL_TLS_ENCODER_DECODER = "ofsecurechannelencoderdecoder";
+ }
+
+ /**
+ * Timeouts for parts of the handshake, in seconds
+ */
+ public static class PipelineHandshakeTimeout {
+ final static int CHANNEL = 10;
+ final static int SWITCH = 30;
+ }
+
+ /**
+ * Timeouts for writes on connections, in seconds
+ */
+ public static class PipelineIdleWriteTimeout {
+ final static int MAIN = 2;
+ final static int AUX = 15;
+ }
+
+ /**
+ * Timeouts for reads on connections, in seconds
+ */
+ public static class PipelineIdleReadTimeout {
+ final static int MAIN = 3 * PipelineIdleWriteTimeout.MAIN;
+ final static int AUX = 3 * PipelineIdleWriteTimeout.AUX;
+ }
}
diff --git a/src/main/java/net/floodlightcontroller/core/internal/SwitchManagerCounters.java b/src/main/java/net/floodlightcontroller/core/internal/SwitchManagerCounters.java
index 942809cd45d4a060c865a9355442830e713ae318..33f7950bbc323d677541b6833f964e9e7ee184b5 100644
--- a/src/main/java/net/floodlightcontroller/core/internal/SwitchManagerCounters.java
+++ b/src/main/java/net/floodlightcontroller/core/internal/SwitchManagerCounters.java
@@ -31,6 +31,7 @@ public class SwitchManagerCounters {
public final IDebugCounter roleReplyTimeout;
public final IDebugCounter roleReplyReceived;
public final IDebugCounter roleReplyErrorUnsupported;
+ public final IDebugCounter switchSslConfigurationError;
public SwitchManagerCounters(IDebugCounterService debugCounters) {
debugCounters.registerModule(prefix);
@@ -199,6 +200,15 @@ public class SwitchManagerCounters {
"error from a switch in response to a role " +
"request indicating that the switch does not " +
"support roles.");
+
+ switchSslConfigurationError =
+ debugCounters.registerCounter(
+ prefix, "switch-ssl-configuration-error",
+ "Number of times the controller could not " +
+ "handshake with a switch due to an " +
+ "IllegalArgumentException, which is likely " +
+ "due to the switch trying to speak SSL whereas " +
+ "the controller wants to use vanilla TCP.");
}
public String getPrefix(){
diff --git a/src/main/resources/floodlightdefault.properties b/src/main/resources/floodlightdefault.properties
index 47b5bc91a7fbfa77569de0006aa91e5aa688051c..cf8a95612319a3c83eb29fca61163e568b39bf38 100644
--- a/src/main/resources/floodlightdefault.properties
+++ b/src/main/resources/floodlightdefault.properties
@@ -21,3 +21,6 @@ org.sdnplatform.sync.internal.SyncManager.dbPath=/var/lib/floodlight/
org.sdnplatform.sync.internal.SyncManager.port=6642
net.floodlightcontroller.core.internal.FloodlightProvider.openflowPort=6653
net.floodlightcontroller.core.internal.FloodlightProvider.role=ACTIVE
+net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePath=/path/to/your/keystore-file.jks
+net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePassword=your-keystore-password
+net.floodlightcontroller.core.internal.OFSwitchManager.useSsl=NO
\ No newline at end of file
diff --git a/src/main/resources/logback-test.xml b/src/main/resources/logback-test.xml
index 72350a0bc4366bcbcebc83c4e5f999c26925bbae..656805f36ffe629bdb4a2849f8a23279e92a24bf 100644
--- a/src/main/resources/logback-test.xml
+++ b/src/main/resources/logback-test.xml
@@ -19,6 +19,6 @@
<logger name="net.floodlightcontroller.forwarding" level="INFO"></logger>
<logger name="net.floodlightcontroller.routing" level="INFO"></logger>
<logger name="net.floodlightcontroller.core.internal" level="INFO"></logger>
- <logger level="DEBUG" name="net.floodlightcontroller.firewall"></logger>
+ <logger level="INFO" name="net.floodlightcontroller.firewall"></logger>
<logger level="INFO" name="net.floodlightcontroller.staticflowentry"></logger>
</configuration>