libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html