[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time
|
On Tue, 2017-03-07 at 08:51 +0000, Frank Karsten (INST/ECS4) wrote:
> Thanks Paolo,
> this again makes it clearer, and thus better :-)
>
> I update the summary to the following then:
>
> - - - - - - - - - - - 8< - - - - - - - - - -
> 1) leverage the IANA defaults if "hono.server.port" is not configured :
>
> "hono.server.keyStorePath" found -> 5671, otherwise no secure port is opened.
>
> Used Port is logged explicitly as INFO.
+1
>
> 2) let the user explicitly configure the "hono.server.port":
>
> "hono.server.keyStorePath" found? -> open desired port, but print a warning if
> that violates the IANA defaults from 1)
IMHO we should not call this a "violation" but I agree that we should issue a
warning that clients might be inclined to try to connect using AMQPS instead of
AMQP due to the port number being defined as the default AMQPS port.
>
> "hono.server.keyStorePath" not found? -> no secure port is opened, print a
> warning about potential misconfiguration.
>
> Used Port is logged explicitly as INFO.
+1
>
> 3) additional insecure port available if flag "hono.server.allowInsecure =
> true":
>
> Port can be determined by "hono.server.insecurePort":
>
> - set? then use it
>
> - not set? then use the IANA default 5672
>
>
> Used Port is logged explicitly as INFO.
+1
>
> 4) Exceptions during startup:
>
> Exception for the insecure port during startup if:
> - port conflicts with 1) (misconfiguration)
If you mean: user configured insecure port == secure port
then +1
> - configured to secure IANA port 5671 (not necessary or desirable to support
> this configuration).
As indicated above, I think we should log a WARNING but otherwise let users do
this if they want to
>
>
> Exception also thrown if Hono would not open any port by configuration (this
> cannot be desirable).
+1
>
>
> - - - - - - - - - - - 8< - - - - - - - - - -
>
>
>
> Result: clear separation of ports:
>
> As a result, we have introduced in Hono a clear separation of ports:
>
> "hono.server.port" represents the secure port (never opens an insecure port)
>
> "hono.server.insecurePort" represents the insecure port (as only port or as
> additional port to the secure one)
>
>
>
>
>
> Should that be the final plan?
>
> Thanks,
> Karsten
>
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im Auftrag
> von "Paolo Patierno [ppatierno@xxxxxxxx]
> Gesendet: Montag, 6. März 2017 23:05
> An: hono developer discussions
> Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
> Hi Karsten,
>
> I think we are very closed to the final plan with a very good summary from you
> :)
>
> I just see two different ways for configuring insecure AMQP port (and having
> different ways for doing something simple like this could be misunderstood).
>
> The first one comes from 1) when you say "otherwise 5672" (when keyStorePath is
> null).
> The other one comes from 3) with allowInsecurePort = true.
>
> To avoid this redundant way, I would remove the "otherwise 5672" on point 1).
> It means that ....
>
> If keyStorePath is null ... no secure port is used but even no insecurePort
> (default 5672) is opened.
> If allowInsecurePort isn't specified, it's false by default so no insecurePort
> is opened.
>
> In this scenario an exception should be thrown because it's a real error in the
> configuration; the Hono server should start without listening on any port ? :)
>
> Thanks
> Paolo
>
> From: Frank Karsten (INST/ECS4)
> Sent: Monday, 6 March, 19:20
> Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
> To: hono developer discussions
> Good answer, thank you Paolo!
>
> I try again to summarize (in my words) and merge all the ideas:
>
> 1) leverage the IANA defaults if "hono.server.port" is not configured :
>
> "hono.server.keyStorePath" found -> 5671, otherwise 5672.
>
> Used Port is logged explicitly as INFO.
> 2) let the user explicitly configure the "hono.server.port":
>
> only print a warning if that violates the IANA defaults from 1), but
> nevertheless open the desired port.
>
> Used Port is logged explicitly as INFO.
> 3) additional insecure port available if flag "hono.server.allowInsecure =
> true":
>
> Port determined by "hono.server.insecurePort":
>
> - set? then use it
>
> - not set? then use the IANA default 5672
>
> Exception for this port during startup if:
> - port conflicts with 1) (misconfiguration)
> - configured to port 5671 (not necessary or desirable to support this
> configuration).
>
> Personally I think this could be the solution - it is flexible, simple enough
> and enforces IANA defaults.
>
> What do you think?
>
> Karsten
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im Auftrag
> von "Paolo Patierno [ppatierno@xxxxxxxx]
> Gesendet: Montag, 6. März 2017 18:11
> An: hono developer discussions
> Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
> I'm a bit confused about that because it seems that in this way the
> "hono.server.port" can have two different meanings ...
> Secure port if keyStorePath is set
>
> Insecure port if keyStorePath is not set
> but then ... if we set the keyStorePath, then the Insecure port is specified
> with another parameter "hono.server.insecurePort".
> Making hono.server.port mandatory we can't leverage on the IANA defaults.
> If it's not mandatory and using the Kai's idea around the "allowInsecure"
> flag we can have :
> 1)
>
> keyStorePath = <keyStorePath>
>
> port = not configured or <port>
> Only secure default 5671 (or <port>)
> 2)
>
> keyStorePath = <keyStorePath>
>
> port = not configured or <port>
>
> allowInsecure = true
>
> insecurePort = not configured or <insecurePort>
> both secure default 5671 (or <port>) and insecure (or <insecurePort>)
> Agree about warnings if default ports are used in the "wrong" way.
> Paolo Patierno
>
> Senior Software Engineer (IoT) @ Red Hat
> Microsoft MVP on Windows Embedded & IoT
>
> Microsoft Azure Advisor
> Twitter : @ppatierno
> Linkedin : paolopatierno
> Blog : DevExperience
>
> From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of
> Frank Karsten (INST/ECS4) <Karsten.Frank@xxxxxxxxxxxx>
> Sent: Monday, March 06, 2017 4:57 PM
> To: hono developer discussions
> Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
>
>
> Thanks for all comments, I like to refine my proposal with the goal to keep
> things simple to the following:
>
> 1.) "hono.server.port" :
>
> Is mandatory.
>
> We stick to the strategy that Hono decides if the port is secure only by trying
> to find a "keyStorePath" configured.
>
> We then reflect the standard port behaviour for AMQP (5671 secure, 5672
> insecure) by printing a WARNING to the log files if it is violated.
>
> Warnings are printed for:
> - 5671 but no keyStorePath found
> - 5672 but keyStorePath found
>
> Why that?
> I would prefer warnings instead of exceptions only for flexibility: to start
> several Hono instances on the same machine (without using docker) sometimes
> could be very
> handy, and this would not be possible anymore if Hono refuses to start.
>
>
> 2.) "hono.server.insecurePort":
>
> Is optional, and always insecure, so no keyStorePath for that port.
>
> Must never be set to 5671 (exception thrown) - the secure port can only be
> configured for the "hono.server.port".
>
> This would be still rather simple, still flexible and to a certain amount
> reflect the standard port behaviour for AMQP.
>
> What do you think?
>
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im Auftrag
> von "Paolo Patierno [ppatierno@xxxxxxxx]
> Gesendet: Montag, 6. März 2017 17:07
> An: hono developer discussions
> Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
> Some scenarios ... because I have a little confusion on the possibilities ...
> 1)
>
> hono.server.keyStorePath = null
>
> hono.server.port not configured
>
> hono.server.unsecurePort not configured (or hono.server.unsecurePort =
> <unsecure_port>)
> Hono server opens only the default "unsecure" 5672 (or <unsecure_port>) port or
> throws an exception because we want AT LEAST the secured one ? So "unsecure
> port" not configured means ... no open this port
> 2)
>
> hono.server.keyStorePath = <keyStorePath>
>
> hono.server.port not configured (or hono.server.port not configured = <port>)
>
> hono.server.unsecurePort not configured
> Hono server opens only the default "secure" 5671 port (or <port>)
> 3)
> hono.server.keyStorePath = <keyStorePath>
>
> hono.server.port not configured (or hono.server.port not configured = <port>)
>
> hono.server.unsecurePort = <unsecure_port>
> Hono server opens both default "secure" 5671 (or <port>) and <unsecure_port>
> What is the way to open both default ports ?
> It seems to me that setting or not hono.server.keyStorePath --> open or not a
> "secure" port
> But what about opening the "unsecure" one ? Not configured --> open the default
> 5672 or not open it ?
> Thanks,
>
> Paolo
>
>
> Paolo Patierno
>
> Senior Software Engineer (IoT) @ Red Hat
> Microsoft MVP on Windows Embedded & IoT
>
> Microsoft Azure Advisor
> Twitter : @ppatierno
> Linkedin : paolopatierno
> Blog : DevExperience
>
> From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of
> Maas Ingo (INST/ECS4) <Ingo.Maas@xxxxxxxxxxxx>
> Sent: Monday, March 06, 2017 3:48 PM
> To: hono developer discussions
> Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
>
>
> Improving Kai's proposal, I would prefer "insecure" instead of "unsecure".
>
> Kind regards,
>
> Ingo Maas
>
> Bosch Software Innovations GmbH
> INST/ECS4
> Schöneberger Ufer 89 - 91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
>
> Tel. +49 30 726112-156
> Fax +49 30 726112-100
> ingo.maas@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
> ________________________________________
> Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im
> Auftrag von "Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx]
> Gesendet: Montag, 6. März 2017 14:33
> An: hono-dev@xxxxxxxxxxx
> Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
>
> Hi Karsten,
>
> thanks for the proposal. I have added some comments below...
>
> Kai
>
> On Mon, 2017-03-06 at 12:09 +0000, Frank Karsten (INST/ECS4) wrote:
> > Hello,
> >
> > while writing a HelloWorld tutorial for Hono to produce a Java client that is
> > as simple as possible,
> > I found out that:
> >
> > - the Hono client is written for both variants (encrypted/unencrypted) and
> > switches to "amqps" resp. "amqp" as protocol designator
> >
> > - the Hono server though currently can be configured to EITHER encrypted
> (based
> > on hono.server.keyStorePath) OR unencrypted (if hono.server.keyStorePath is
> > null, i.e. not configured) communication
> >
> >
> > -> I propose to make the Hono server more flexible, so that both variants can
> > be supported at the same time.
> >
> >
> > Following I have in mind:
> >
> > 1.) default should remain "only one port configured for SSL"
> >
> agreed, we should always bind a "secure" port if keys are configured
>
> > Hono server will always insist on finding this already available port and
> > behaves like implemented: opens it for EITHER encrypted OR unencrypted
> > communication.
> >
> > Configuration:
> >
> > hono:
> > server:
> > port: 5672
> >
> >
> if keys are configured the secure port should better be 5671 which is the IANA
> registered port for AMQPS (aka AMQP over TLS)
>
> > 2.) optionally a second port can be opened
> >
> > Configuration:
> >
> > hono:
> > server:
> > unEncryptedPort: 5671
> >
> I'd rather call the ports "secure" and "unsecure" and the default for
> "unsecure"
> should be 5672 (as defined by the spec)
>
> >
> > If Hono server additionally finds the port "unEncryptedPort" configured, it
> > will open this as well and always opens it for unencrypted communication.
> >
> > 3.) Hono client remains unchanged - it already works with both variants of
> > server ports.
> >
> IMHO we should adapt its behavior based on the default ports for secure and
> unsecure communication, i.e. if no port is specified but a trust store is
> configured, we should assume 5671 as the port, otherwise 5672
>
> >
> > What do you think?
> >
> > Looking forward to feedback...
> >
> > Karsten (sysexcontrol)
> >
> > Bosch Software Innovations GmbH
> > Development Core Products (INST/ECS6-Be)
> > Schöneberger Ufer 89-91
> > 10785 Berlin
> > GERMANY
> > www.bosch-si.de
> > www.blog.bosch-si.com
> >
> > Tel. +49 30 726112-403
> > Fax +49 30 726112-100
> > Karsten.Frank@xxxxxxxxxxxx
> >
> > Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> > 148411 B
> > Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
> >
> > _______________________________________________
> > hono-dev mailing list
> > hono-dev@xxxxxxxxxxx
> > To change your delivery options, retrieve your password, or unsubscribe from
> > this list, visit
> > https://dev.eclipse.org/mailman/listinfo/hono-dev
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev
>
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev