[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time
|
Improving Kai's proposal, I would prefer "insecure" instead of "unsecure".
Kind regards,
Ingo Maas
Bosch Software Innovations GmbH
INST/ECS4
Schöneberger Ufer 89 - 91
10785 Berlin
GERMANY
www.bosch-si.de
Tel. +49 30 726112-156
Fax +49 30 726112-100
ingo.maas@xxxxxxxxxxxx
Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
________________________________________
Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im Auftrag von "Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx]
Gesendet: Montag, 6. März 2017 14:33
An: hono-dev@xxxxxxxxxxx
Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time
Hi Karsten,
thanks for the proposal. I have added some comments below...
Kai
On Mon, 2017-03-06 at 12:09 +0000, Frank Karsten (INST/ECS4) wrote:
> Hello,
>
> while writing a HelloWorld tutorial for Hono to produce a Java client that is
> as simple as possible,
> I found out that:
>
> - the Hono client is written for both variants (encrypted/unencrypted) and
> switches to "amqps" resp. "amqp" as protocol designator
>
> - the Hono server though currently can be configured to EITHER encrypted (based
> on hono.server.keyStorePath) OR unencrypted (if hono.server.keyStorePath is
> null, i.e. not configured) communication
>
>
> -> I propose to make the Hono server more flexible, so that both variants can
> be supported at the same time.
>
>
> Following I have in mind:
>
> 1.) default should remain "only one port configured for SSL"
>
agreed, we should always bind a "secure" port if keys are configured
> Hono server will always insist on finding this already available port and
> behaves like implemented: opens it for EITHER encrypted OR unencrypted
> communication.
>
> Configuration:
>
> hono:
> server:
> port: 5672
>
>
if keys are configured the secure port should better be 5671 which is the IANA
registered port for AMQPS (aka AMQP over TLS)
> 2.) optionally a second port can be opened
>
> Configuration:
>
> hono:
> server:
> unEncryptedPort: 5671
>
I'd rather call the ports "secure" and "unsecure" and the default for "unsecure"
should be 5672 (as defined by the spec)
>
> If Hono server additionally finds the port "unEncryptedPort" configured, it
> will open this as well and always opens it for unencrypted communication.
>
> 3.) Hono client remains unchanged - it already works with both variants of
> server ports.
>
IMHO we should adapt its behavior based on the default ports for secure and
unsecure communication, i.e. if no port is specified but a trust store is
configured, we should assume 5671 as the port, otherwise 5672
>
> What do you think?
>
> Looking forward to feedback...
>
> Karsten (sysexcontrol)
>
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev
_______________________________________________
hono-dev mailing list
hono-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/hono-dev