keystonemiddleware is vulnerable to man-in-the-middle (MitM) attacks. When the insecure option is set in the paste.ini file, keystonemiddleware always disables certificate verification, regardless of the option's value.
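The behaviour described above, as an added illustration that is not code from keystonemiddleware: paste.ini values reach a filter as raw strings, so a plain truthiness test treats `insecure = false` as enabled. That this truthiness test is the flawed pattern is an assumption, and the function names and the sample paste.ini fragment are constructed for the example.

```python
import configparser

# Constructed paste.ini fragment; section name and values are sample data.
SAMPLE_PASTE_INI = """
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
insecure = false
"""

_TRUE = {"1", "t", "true", "on", "y", "yes"}
_FALSE = {"0", "f", "false", "off", "n", "no"}


def load_filter_conf(text, section="filter:authtoken"):
    """Return the section as a dict of raw strings, as a paste filter receives it."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser[section])


def verify_naive(conf):
    """Flawed pattern (hypothetical): any non-empty string, even 'false', is truthy."""
    insecure = conf.get("insecure", False)
    return not insecure


def parse_bool_strict(value, default=False):
    """Convert a config string to bool and reject anything unrecognised."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    token = str(value).strip().lower()
    if token in _TRUE:
        return True
    if token in _FALSE:
        return False
    raise ValueError(f"unrecognised boolean value: {value!r}")


def verify_hardened(conf):
    """Verify certificates unless 'insecure' is explicitly a true value."""
    return not parse_bool_strict(conf.get("insecure"))


if __name__ == "__main__":
    conf = load_filter_conf(SAMPLE_PASTE_INI)
    print("naive verify:", verify_naive(conf))
    print("hardened verify:", verify_hardened(conf))
```

Failing closed on an unrecognised value keeps a typo such as `insecure = flase` from silently changing TLS behaviour.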
rhn.redhat.com/errata/RHSA-2014-1783.html
rhn.redhat.com/errata/RHSA-2014-1784.html
rhn.redhat.com/errata/RHSA-2015-0020.html
secunia.com/advisories/62709
www.openwall.com/lists/oss-security/2014/09/25/51
www.securityfocus.com/bid/69864
www.ubuntu.com/usn/USN-2705-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/python-keystoneclient/+bug/1353315
bugzilla.redhat.com/show_bug.cgi?id=1141933