Disable TLS by default On SUSE distros, the default is for libvirtd to listen only on the Unix Domain Socket. The libvirt client still provides remote access via a SSH tunnel. Index: libvirt-7.1.0/src/remote/remote_daemon_config.c =================================================================== --- libvirt-7.1.0.orig/src/remote/remote_daemon_config.c +++ libvirt-7.1.0/src/remote/remote_daemon_config.c @@ -98,7 +98,7 @@ daemonConfigNew(bool privileged G_GNUC_U #ifdef WITH_IP # ifdef LIBVIRTD - data->listen_tls = true; /* Only honoured if --listen is set */ + data->listen_tls = false; /* Only honoured if --listen is set */ # else /* ! LIBVIRTD */ data->listen_tls = false; /* Always honoured, --listen doesn't exist. */ # endif /* ! LIBVIRTD */ Index: libvirt-7.1.0/src/remote/libvirtd.conf.in =================================================================== --- libvirt-7.1.0.orig/src/remote/libvirtd.conf.in +++ libvirt-7.1.0/src/remote/libvirtd.conf.in @@ -17,8 +17,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. # -# This is enabled by default, uncomment this to disable it -#listen_tls = 0 +# This is disabled by default, uncomment this to enable it +#listen_tls = 1 # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to Index: libvirt-7.1.0/src/remote/test_libvirtd.aug.in =================================================================== --- libvirt-7.1.0.orig/src/remote/test_libvirtd.aug.in +++ libvirt-7.1.0/src/remote/test_libvirtd.aug.in @@ -3,7 +3,7 @@ module Test_@DAEMON_NAME@ = test @DAEMON_NAME_UC@.lns get conf = @CUT_ENABLE_IP@ - { "listen_tls" = "0" } + { "listen_tls" = "1" } { "listen_tcp" = "1" } { "tls_port" = "16514" } { "tcp_port" = "16509" }