Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time

+1

On Tue, 2017-03-07 at 10:39 +0000, Frank Karsten (INST/ECS4) wrote:
> Thanks, Kai,
> 
> updated version below. I think we should be finished after you had a final look.
> I would prepare a pull request after the Java tutorials are finished...
> 
> - - - - - - - - - - - 8< - - - - - - - - - -
> 1) leverage the IANA defaults if "hono.server.port" is not configured:
> 
> "hono.server.keyStorePath" found -> 5671, otherwise no secure port is opened.
> The used port is logged explicitly as INFO.
> 
> 2) let the user explicitly configure the "hono.server.port":
> 
> "hono.server.keyStorePath" found? -> open desired port. If port is not the IANA
> secure port 5671, print a warning about potential misconfiguration.
> "hono.server.keyStorePath" not found? -> no secure port is opened, print a
> warning about potential misconfiguration.
> The used port is logged explicitly as INFO.
> 
> 3) additional insecure port available if flag "hono.server.allowInsecure =
> true":
> 
> Port can be determined by "hono.server.insecurePort":
> - set? then use it. If configured to the IANA secure port 5671, print a warning
> about potential misconfiguration.
> - not set? then use the IANA default 5672
> 
> The used port is logged explicitly as INFO.
> 
> 4) Exceptions during startup:
> 
> - both ports active and configured equally (port == insecurePort)  ->
> misconfiguration
> - Hono would not open any port by configuration (this cannot be desirable).
> 
> - - - - - - - - - - - 8< - - - - - - - - - -
> 
> Result: clear separation of ports:
> As a result, we have introduced in Hono a clear separation of ports:
> 
> "hono.server.port" represents the secure port (never opens an insecure port)
> 
> "hono.server.insecurePort" represents the insecure port (as only port or as
> additional port to the secure one)
> 
> 
> 
> 
> Bosch Software Innovations GmbH
> Development Core Products (INST/ECS6-Be)
> Schöneberger Ufer 89-91
> 10785 Berlin
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
> 
> Tel. +49 30 726112-403
> Fax +49 30 726112-100
> Karsten.Frank@xxxxxxxxxxxx
> 
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
> 
> 
> ________________________________________
> From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of
> Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx]
> Sent: Tuesday, 7 March 2017 10:00
> To: hono-dev@xxxxxxxxxxx
> Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono
> at the same time
> 
> On Tue, 2017-03-07 at 08:51 +0000, Frank Karsten (INST/ECS4) wrote:
> > Thanks Paolo,
> > this again makes it clearer, and thus better :-)
> > 
> > I update the summary to the following then:
> > 
> > - - - - - - - - - - - 8< - - - - - - - - - -
> > 1) leverage the IANA defaults if "hono.server.port" is not configured :
> > 
> > "hono.server.keyStorePath" found -> 5671, otherwise no secure port is opened.
> > 
> > The used port is logged explicitly as INFO.
> 
> +1
> 
> > 
> > 2) let the user explicitly configure the "hono.server.port":
> > 
> > "hono.server.keyStorePath" found? -> open desired port, but print a warning if
> > that violates the IANA defaults from 1)
> 
> IMHO we should not call this a "violation" but I agree that we should issue a
> warning that clients might be inclined to try to connect using AMQPS instead of
> AMQP due to the port number being defined as the default AMQPS port.
> 
> > 
> > "hono.server.keyStorePath" not found? -> no secure port is opened, print a
> > warning about potential misconfiguration.
> > 
> > The used port is logged explicitly as INFO.
> 
> +1
> 
> > 
> > 3) additional insecure port available if flag "hono.server.allowInsecure =
> > true":
> > 
> > Port can be determined by "hono.server.insecurePort":
> > 
> > - set? then use it
> > 
> > - not set? then use the IANA default 5672
> > 
> > 
> > The used port is logged explicitly as INFO.
> 
> +1
> 
> > 
> > 4) Exceptions during startup:
> > 
> > Exception for the insecure port during startup if:
> > - port conflicts with 1)  (misconfiguration)
> 
> If you mean: user configured insecure port == secure port
> then +1
> 
> > - configured to secure IANA port 5671 (not necessary or desirable to support
> > this configuration).
> 
> As indicated above, I think we should log a WARNING but otherwise let users do
> this if they want to.
> > 
> > 
> > Exception also thrown if Hono would not open any port by configuration (this
> > cannot be desirable).
> 
> +1
> 
> > 
> > 
> > - - - - - - - - - - - 8< - - - - - - - - - -
> > 
> > 
> > 
> > Result: clear separation of ports:
> > 
> > As a result, we have introduced in Hono a clear separation of ports:
> > 
> > "hono.server.port" represents the secure port (never opens an insecure port)
> > 
> > "hono.server.insecurePort" represents the insecure port (as only port or as
> > additional port to the secure one)
> > 
> > 
> > 
> > 
> > 
> > Should that be the final plan?
> > 
> > Thanks,
> > Karsten
> > 
> > 
> > From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of
> > Paolo Patierno [ppatierno@xxxxxxxx]
> > Sent: Monday, 6 March 2017 23:05
> > To: hono developer discussions
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > Hi Karsten,
> > 
> > I think we are very close to the final plan, with a very good summary from
> > you :)
> > 
> > I just see two different ways for configuring insecure AMQP port (and having
> > different ways for doing something simple like this could be misunderstood).
> > 
> > The first one comes from 1) when you say "otherwise 5672" (when keyStorePath
> > is null).
> > The other one comes from 3) with allowInsecurePort = true.
> > 
> > To avoid this redundant way, I would remove the "otherwise 5672" on point 1).
> > It means that ....
> > 
> > If keyStorePath is null ... no secure port is used but even no insecurePort
> > (default 5672) is opened.
> > If allowInsecurePort isn't specified, it's false by default so no
> > insecurePort is opened.
> > 
> > In this scenario an exception should be thrown because it's a real error in
> > the configuration; should the Hono server start without listening on any
> > port ? :)
> > 
> > Thanks
> > Paolo
> > 
> > From: Frank Karsten (INST/ECS4)
> > Sent: Monday, 6 March, 19:20
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono
> > at the same time
> > To: hono developer discussions
> > 
> > Good answer, thank you Paolo!
> > 
> > I try again to summarize (in my words) and merge all the ideas:
> > 
> > 1) leverage the IANA defaults if "hono.server.port" is not configured :
> > 
> > "hono.server.keyStorePath" found -> 5671, otherwise 5672.
> > 
> > The used port is logged explicitly as INFO.
> > 
> > 2) let the user explicitly configure the "hono.server.port":
> > 
> > only print a warning if that violates the IANA defaults from 1), but
> > nevertheless open the desired port.
> > 
> > The used port is logged explicitly as INFO.
> > 
> > 3) additional insecure port available if flag "hono.server.allowInsecure =
> > true":
> > 
> > Port determined by "hono.server.insecurePort":
> > 
> > - set? then use it
> > 
> > - not set? then use the IANA default 5672
> > 
> > Exception for this port during startup if:
> > - port conflicts with 1)  (misconfiguration)
> > - configured to port 5671 (not necessary or desirable to support this
> > configuration).
> > 
> > Personally I think this could be the solution - it is flexible, simple enough
> > and enforces IANA defaults.
> > 
> > What do you think?
> > 
> > Karsten
> > 
> > From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of
> > Paolo Patierno [ppatierno@xxxxxxxx]
> > Sent: Monday, 6 March 2017 18:11
> > To: hono developer discussions
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > I'm a bit confused about that because it seems that in this way the
> > "hono.server.port" can have two different meanings ...
> > Secure port if keyStorePath is set
> > 
> > Insecure port if keyStorePath is not set
> > but then ... if we set the keyStorePath, then the Insecure port is specified
> > with another parameter "hono.server.insecurePort".
> > Making hono.server.port mandatory we can't leverage on the IANA defaults.
> > If it's not mandatory and using Kai's idea around the "allowInsecure" flag we
> > can have :
> > 1)
> > 
> > keyStorePath = <keyStorePath>
> > 
> > port = not configured or <port>
> > Only secure default 5671 (or <port>)
> > 2)
> > 
> > keyStorePath = <keyStorePath>
> > 
> > port = not configured or <port>
> > 
> > allowInsecure = true
> > 
> > insecurePort = not configured or <insecurePort>
> > both secure default 5671 (or <port>) and insecure (or <insecurePort>)
> > Agree about warnings if default ports are used in the "wrong" way.
> > Paolo Patierno
> > 
> > Senior Software Engineer (IoT) @ Red Hat
> > Microsoft MVP on Windows Embedded & IoT
> > 
> > Microsoft Azure Advisor
> > Twitter : @ppatierno
> > Linkedin : paolopatierno
> > Blog : DevExperience
> > 
> > From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of
> > Frank Karsten (INST/ECS4) <Karsten.Frank@xxxxxxxxxxxx>
> > Sent: Monday, March 06, 2017 4:57 PM
> > To: hono developer discussions
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > 
> > 
> > Thanks for all comments, I would like to refine my proposal, with the goal of
> > keeping things simple, to the following:
> > 
> > 1.) "hono.server.port" :
> > 
> > Is mandatory.
> > 
> > We stick to the strategy that Hono decides if the port is secure only by
> > trying to find a "keyStorePath" configured.
> > 
> > We then reflect the standard port behaviour for AMQP (5671 secure, 5672
> > insecure) by printing a WARNING to the log files if it is violated.
> > 
> > Warnings are printed for:
> > - 5671 but no keyStorePath found
> > - 5672 but keyStorePath found
> > 
> > Why that?
> > I would prefer warnings instead of exceptions only for flexibility: to start
> > several Hono instances on the same machine (without using docker) sometimes
> > could be very handy, and this would not be possible anymore if Hono refuses
> > to start.
> > 
> > 
> > 2.) "hono.server.insecurePort":
> > 
> > Is optional, and always insecure, so no keyStorePath for that port.
> > 
> > Must never be set to 5671 (exception thrown) - the secure port can only be
> > configured for the "hono.server.port".
> > 
> > This would be still rather simple, still flexible and to a certain amount
> > reflect the standard port behaviour for AMQP.
> > 
> > What do you think?
> > 
> > 
> > From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of
> > Paolo Patierno [ppatierno@xxxxxxxx]
> > Sent: Monday, 6 March 2017 17:07
> > To: hono developer discussions
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > Some scenarios ... because I have a little confusion on the possibilities ...
> > 1)
> > 
> > hono.server.keyStorePath = null
> > 
> > hono.server.port not configured
> > 
> > hono.server.unsecurePort not configured (or hono.server.unsecurePort =
> > <unsecure_port>)
> > Hono server opens only the default "unsecure" 5672 (or <unsecure_port>) port
> > or throws an exception because we want AT LEAST the secured one ? So
> > "unsecure port" not configured means ... don't open this port
> > 2)
> > 
> > hono.server.keyStorePath = <keyStorePath>
> > 
> > hono.server.port not configured (or hono.server.port not configured = <port>)
> > 
> > hono.server.unsecurePort not configured
> > Hono server opens only the default "secure" 5671 port (or <port>)
> > 3)
> > hono.server.keyStorePath = <keyStorePath>
> > 
> > hono.server.port not configured (or hono.server.port not configured = <port>)
> > 
> > hono.server.unsecurePort = <unsecure_port>
> > Hono server opens both default "secure" 5671 (or <port>) and <unsecure_port>
> > What is the way to open both default ports ?
> > It seems to me that setting or not hono.server.keyStorePath --> open or not a
> > "secure" port
> > But what about opening the "unsecure" one ? Not configured --> open the
> > default 5672 or not open it ?
> > Thanks,
> > 
> > Paolo
> > 
> > 
> > 
> > From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of
> > Maas Ingo (INST/ECS4) <Ingo.Maas@xxxxxxxxxxxx>
> > Sent: Monday, March 06, 2017 3:48 PM
> > To: hono developer discussions
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > 
> > 
> > Improving Kai's proposal, I would prefer "insecure" instead of "unsecure".
> > 
> > Kind regards,
> > 
> > Ingo Maas
> > 
> > Bosch Software Innovations GmbH
> > INST/ECS4
> > Schöneberger Ufer 89 - 91
> > 10785 Berlin
> > GERMANY
> > www.bosch-si.de
> > 
> > Tel. +49 30 726112-156
> > Fax +49 30 726112-100
> > ingo.maas@xxxxxxxxxxxx
> > 
> > Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB
> > 148411 B
> > Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn
> > 
> > ________________________________________
> > From: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx] on behalf of
> > Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx]
> > Sent: Monday, 6 March 2017 14:33
> > To: hono-dev@xxxxxxxxxxx
> > Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in
> > Hono at the same time
> > 
> > Hi Karsten,
> > 
> > thanks for the proposal. I have added some comments below...
> > 
> > Kai
> > 
> > On Mon, 2017-03-06 at 12:09 +0000, Frank Karsten (INST/ECS4) wrote:
> > > Hello,
> > > 
> > > while writing a HelloWorld tutorial for Hono to produce a Java client that
> > > is as simple as possible,
> > > I found out that:
> > > 
> > > - the Hono client is written for both variants (encrypted/unencrypted) and
> > > switches to "amqps" or "amqp", respectively, as protocol designator
> > > 
> > > - the Hono server though currently can be configured to EITHER encrypted
> > > (based on hono.server.keyStorePath) OR unencrypted (if
> > > hono.server.keyStorePath is null, i.e. not configured) communication
> > > 
> > > 
> > > -> I propose to make the Hono server more flexible, so that both variants
> > > can be supported at the same time.
> > > 
> > > 
> > > Following I have in mind:
> > > 
> > > 1.) default should remain "only one port configured for SSL"
> > > 
> > 
> > agreed, we should always bind a "secure" port if keys are configured
> > 
> > > Hono server will always insist on finding this already available port and
> > > behaves like implemented: opens it for EITHER encrypted OR unencrypted
> > > communication.
> > > 
> > > Configuration:
> > > 
> > > hono:
> > >     server:
> > >        port: 5672
> > > 
> > > 
> > 
> > if keys are configured the secure port should better be 5671 which is the
> > IANA registered port for AMQPS (aka AMQP over TLS)
> > 
> > > 2.) optionally a second port can be opened
> > > 
> > > Configuration:
> > > 
> > > hono:
> > >     server:
> > >        unEncryptedPort: 5671
> > > 
> > 
> > I'd rather call the ports "secure" and "unsecure" and the default for
> > "unsecure" should be 5672 (as defined by the spec)
> > 
> > > 
> > > If Hono server additionally finds the port "unEncryptedPort" configured, it
> > > will open this as well and always opens it for unencrypted communication.
> > > 
> > > 3.) Hono client remains unchanged - it already works with both variants of
> > > server ports.
> > > 
> > 
> > IMHO we should adapt its behavior based on the default ports for secure and
> > unsecure communication, i.e. if no port is specified but a trust store is
> > configured, we should assume 5671 as the port, otherwise 5672
> > 
> > > 
> > > What do you think?
> > > 
> > > Looking forward to feedback...
> > > 
> > > Karsten (sysexcontrol)
> > > 
> > > 
> > > _______________________________________________
> > > hono-dev mailing list
> > > hono-dev@xxxxxxxxxxx
> > > To change your delivery options, retrieve your password, or unsubscribe
> > > from
> > > this list, visit
> > > https://dev.eclipse.org/mailman/listinfo/hono-dev
> > 
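The final plan quoted above (points 1 to 4) as a worked example: the function below models those port-resolution rules so the warning and exception cases can be exercised on sample configurations. It is an added illustration written for this thread, not code from the Hono project; the property keys and port defaults come from the thread, while the function name, the flat dict input and the returned log lines are this example's own assumptions.

```python
from typing import Dict, List, Optional, Tuple

AMQPS_PORT = 5671  # IANA default for AMQP over TLS
AMQP_PORT = 5672   # IANA default for plain AMQP


def resolve_ports(config: Dict[str, object]) -> Tuple[Optional[int], Optional[int], List[str]]:
    """Apply rules 1) to 4) of the final plan to a flat config dict (assumed shape).

    Returns (secure_port, insecure_port, log_lines); None means the port is
    not opened. Raises ValueError for the two startup exceptions.
    """
    log: List[str] = []
    has_keys = bool(config.get("hono.server.keyStorePath"))
    port = config.get("hono.server.port")
    secure_port: Optional[int] = None

    # 1) no explicit port: IANA default, but only when a key store is present
    if port is None:
        if has_keys:
            secure_port = AMQPS_PORT
    # 2) explicit port: honour it, warn when it is not the AMQPS default
    elif has_keys:
        secure_port = int(port)
        if secure_port != AMQPS_PORT:
            log.append(f"WARN secure port {secure_port} is not the IANA AMQPS "
                       f"port {AMQPS_PORT}; clients may not expect TLS there")
    else:
        log.append(f"WARN hono.server.port={port} is set but no key store is "
                   "configured; no secure port will be opened")
    if secure_port is not None:
        log.append(f"INFO secure AMQPS port: {secure_port}")

    # 3) insecure port only behind the explicit opt-in flag
    insecure_port: Optional[int] = None
    if str(config.get("hono.server.allowInsecure", "false")).lower() == "true":
        insecure_port = int(config.get("hono.server.insecurePort", AMQP_PORT))
        if insecure_port == AMQPS_PORT:
            log.append(f"WARN insecure port {insecure_port} is the IANA AMQPS "
                       "port; clients may try AMQPS against a plain listener")
        log.append(f"INFO insecure AMQP port: {insecure_port}")

    # 4) startup exceptions: port collision, or nothing to listen on
    if secure_port is not None and secure_port == insecure_port:
        raise ValueError("hono.server.port and hono.server.insecurePort are "
                         f"both {secure_port}")
    if secure_port is None and insecure_port is None:
        raise ValueError("configuration would open no port at all")
    return secure_port, insecure_port, log
```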
