Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time

Some scenarios ... because I have a little confusion on the possibilities ...


1)

hono.server.keyStorePath = null

hono.server.port not configured

hono.server.unsecurePort not configured (or hono.server.unsecurePort = <unsecure_port>)


Hono server opens only the default "unsecure" 5672 (or <unsecure_port>) port or throws an exception because we want AT LEAST the secured one? So "unsecure port" not configured means ... do not open this port


2)

hono.server.keyStorePath = <keyStorePath>

hono.server.port not configured (or hono.server.port not configured = <port>)

hono.server.unsecurePort not configured


Hono server opens only the default "secure" 5671 port (or <port>)


3)


hono.server.keyStorePath = <keyStorePath>

hono.server.port not configured (or hono.server.port not configured = <port>)

hono.server.unsecurePort = <unsecure_port>


Hono server opens both default "secure" 5671 (or <port>) and <unsecure_port>


What is the way to open both default ports?


It seems to me that setting or not hono.server.keyStorePath --> open or not a "secure" port


But what about opening the "unsecure" one? Not configured --> open the default 5672 or not open it?


Thanks,

Paolo




Paolo Patierno
Senior Software Engineer (IoT) @ Red Hat
Microsoft MVP on Windows Embedded & IoT
Microsoft Azure Advisor 

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience



From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of Maas Ingo (INST/ECS4) <Ingo.Maas@xxxxxxxxxxxx>
Sent: Monday, March 06, 2017 3:48 PM
To: hono developer discussions
Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time
 
Improving Kai's proposal, I would prefer "insecure" instead of "unsecure".

Kind regards,

Ingo Maas

Bosch Software Innovations GmbH
INST/ECS4
Schöneberger Ufer 89 - 91
10785 Berlin
GERMANY
www.bosch-si.de

Tel. +49 30 726112-156
Fax +49 30 726112-100
ingo.maas@xxxxxxxxxxxx

Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn

________________________________________
From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx]
Sent: Monday, 6 March 2017 14:33
To: hono-dev@xxxxxxxxxxx
Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time

Hi Karsten,

thanks for the proposal. I have added some comments below...

Kai

On Mon, 2017-03-06 at 12:09 +0000, Frank Karsten (INST/ECS4) wrote:
> Hello,
>
> while writing a HelloWorld tutorial for Hono to produce a Java client that is
> as simple as possible,
> I found out that:
>
> - the Hono client is written for both variants (encrypted/unencrypted) and
> switches to "amqps" resp. "amqp" as protocol designator
>
> - the Hono server though currently can be configured to EITHER encrypted (based
> on hono.server.keyStorePath) OR unencrypted (if hono.server.keyStorePath is
> null, i.e. not configured) communication
>
>
> -> I propose to make the Hono server more flexible, so that both variants can
> be supported at the same time.
>
>
> Following I have in mind:
>
> 1.) default should remain "only one port configured for SSL"
>
agreed, we should always bind a "secure" port if keys are configured

> Hono server will always insist on finding this already available port and
> behaves like implemented: opens it for EITHER encrypted OR unencrypted
> communication.
>
> Configuration:
>
> hono:
>    server:
>       port: 5672
>
>
if keys are configured the secure port should better be 5671 which is the IANA
registered port for AMQPS (aka AMQP over TLS)

> 2.) optionally a second port can be opened
>
> Configuration:
>
> hono:
>    server:
>       unEncryptedPort: 5671
>
I'd rather call the ports "secure" and "unsecure" and the default for "unsecure"
should be 5672 (as defined by the spec)

>
> If Hono server additionally finds the port "unEncryptedPort" configured, it
> will open this as well and always opens it for unencrypted communication.
>
> 3.) Hono client remains unchanged - it already works with both variants of
> server ports.
>
IMHO we should adapt its behavior based on the default ports for secure and
unsecure communication, i.e. if no port is specified but a trust store is
configured, we should assume 5671 as the port, otherwise 5672

>
> What do you think?
>
> Looking forward to feedback...
>
> Karsten (sysexcontrol)
>
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev
_______________________________________________
hono-dev mailing list
hono-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/hono-dev
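
The scenarios discussed in this thread, worked through as an added example (not code from Hono or from anyone on the list). It assumes one possible answer to the open question: a plaintext listener is bound only when requested explicitly, either through the insecure port setting or through a hypothetical `insecure_port_enabled` flag, and the server refuses to start when nothing is configured. The Python names are illustrative.

```python
from dataclasses import dataclass
from typing import Optional

AMQPS_PORT = 5671  # IANA-registered port for AMQP over TLS (per the thread)
AMQP_PORT = 5672   # default plaintext AMQP port (per the thread)


@dataclass(frozen=True)
class ServerConfig:
    key_store_path: Optional[str] = None   # hono.server.keyStorePath
    port: Optional[int] = None             # hono.server.port (secure)
    insecure_port: Optional[int] = None    # hono.server.unsecurePort
    insecure_port_enabled: bool = False    # hypothetical opt-in flag (assumption)


def resolve_listeners(cfg: ServerConfig) -> dict:
    """Map a configuration to the ports to bind; None means 'do not bind'."""
    secure = None
    if cfg.key_store_path:
        # Keys configured: always bind a secure port, defaulting to 5671.
        secure = cfg.port if cfg.port is not None else AMQPS_PORT
    elif cfg.port is not None:
        # Assumption: a secure port without keys is a misconfiguration.
        raise ValueError("secure port configured without a key store")

    insecure = None
    if cfg.insecure_port is not None:
        insecure = cfg.insecure_port      # explicit port is an explicit opt-in
    elif cfg.insecure_port_enabled:
        insecure = AMQP_PORT              # opt-in with the default port

    if secure is None and insecure is None:
        # Assumed fail-closed choice: never fall back to plaintext silently.
        raise ValueError("no listener configured")
    if secure == insecure:
        raise ValueError("secure and insecure listeners share port %d" % secure)
    return {"secure": secure, "insecure": insecure}


def client_default_port(trust_store_path: Optional[str],
                        port: Optional[int] = None) -> int:
    """Client-side rule from the thread: trust store implies 5671, else 5672."""
    if port is not None:
        return port
    return AMQPS_PORT if trust_store_path else AMQP_PORT
```

Under these assumptions, opening both default ports takes a key store plus the opt-in flag, and a configuration with neither fails at startup instead of exposing 5672.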
