Eventbus encryption
169 views
Skip to first unread message
sANTo L
Feb 22, 2017, 9:28:59 AM2/22/17
to vert.x
Hi,
I want to set up eventbus encryption but I can only find information on how to do this programmatically.
Because I am not setting up the eventbus programmatically, I was wondering if it's possible to define encryption settings (keystore, truststore, etc) via the command line
Thanks
sANTo
Clement Escoffier
Feb 22, 2017, 9:38:43 AM2/22/17
to ve...@googlegroups.com
Hi,
You can use a transport level encryption (SSL) as explained in: http://vertx.io/docs/vertx-core/java/#_configuring_the_event_bus.
Clement
--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/133ed623-1af2-479a-9fac-6198a97d242e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
sANTo
Feb 22, 2017, 9:45:46 AM2/22/17
to ve...@googlegroups.com
Hi Clement,
I saw that documentation, but that's what I was referring to: this is programmatically while I prefer to do it on the commandline to prevent having to change the code of all my microservices
sANTo
On Wed, Feb 22, 2017 at 3:38 PM, Clement Escoffier <clement....@gmail.com> wrote:
Hi,You can use a transport level encryption (SSL) as explained in: http://vertx.io/docs/vertx-core/java/#_configuring_the_event_bus.Clement
On 22 Feb 2017, at 15:28, sANTo L <santo...@gmail.com> wrote:
Hi,I want to set up eventbus encryption but I can only find information on how to do this programmatically.Because I am not setting up the eventbus programmatically, I was wondering if it's possible to define encryption settings (keystore, truststore, etc) via the command lineThankssANTo
--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/133ed623-1af2-479a-9fac-6198a97d242e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "vert.x" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/vertx/bn-lp47GpC8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to vertx+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/4A8D49A9-E293-4CC5-964F-48A67313381C%40gmail.com.
Clement Escoffier
Feb 22, 2017, 9:53:22 AM2/22/17
to ve...@googlegroups.com
On 22 Feb 2017, at 15:45, sANTo <santo...@gmail.com> wrote:Hi Clement,I saw that documentation, but that's what I was referring to: this is programmatically while I prefer to do it on the commandline to prevent having to change the code of all my microservices
Oh, sorry.
No I don’t think you can do it using the CLI.
Clement
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/CAH_85ZnQcOCy%3DAonmi6QkPvFwh_u72kHUDJV%3DDLWTUNR1R_VnA%40mail.gmail.com.
sANTo L
Feb 22, 2017, 10:06:41 AM2/22/17
to vert.x
On Wednesday, February 22, 2017 at 3:53:22 PM UTC+1, clement escoffier wrote:
On 22 Feb 2017, at 15:45, sANTo <santo...@gmail.com> wrote:Hi Clement,I saw that documentation, but that's what I was referring to: this is programmatically while I prefer to do it on the commandline to prevent having to change the code of all my microservicesOh, sorry.No I don’t think you can do it using the CLI.Clement
Ok, I see.
I thought it might have been possible, given that it's configured via VertxOptions which is already available on the commandline.
E.g. this:
-Dvertx.options.eventLoopPoolSizeand this:
-Dvertx.options.deployment.worker=trueis already possible, so it would have been really nice if one could do this as well:
-Dvertx.options.eventBusOptions.ssl=true-Dvertx.options.eventBusOptions.keystore.path=keystore.jcs -Dvertx.options.eventBusOptions.keystore.password=pwd -Dvertx.options.eventBusOptions.truststore.path=truststore.jcs -Dvertx.options.eventBusOptions.truststore.password=pwdThanks,
sANTo
sANTo L
Feb 25, 2017, 5:04:01 PM2/25/17
to vert.x
Because it's currently not possible to configure eventbus encryption using the CLI, I've modified my code to do it programmatically as explained in the docs: http://vertx.io/docs/vertx-core/java/#_configuring_the_event_bus.
Everything seems to work fine, i.e. eventbus clustering works and verticles can communicate.
However, when I disable ssl on one of the verticles, that verticle is still able to connect to the cluster AND communicate with the other verticles.
Being able to connect to the cluster might be correct because I didn't configure Hazelcast security / encryption as it is apparently only available in the Enterprise edition.
But being able to communicate with the other verticles seems odd to me.
But being able to communicate with the other verticles seems odd to me.
Am I doing something wrong or is this intended behaviour?
sANTo
Clement Escoffier
Feb 26, 2017, 3:02:46 AM2/26/17
to ve...@googlegroups.com
That sounds like a bug.
Can you provide a reproducer ?
Clement
sANTo--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/8658e833-eb99-4418-b73c-ee209f61142a%40googlegroups.com.
sANTo L
Feb 28, 2017, 7:12:48 AM2/28/17
to vert.x
Seems like I'm doing something wrong in my code as I wasn't able to create a simple reproducer.
Now I get this, which is the expected behaviour:
Client from origin /127.0.0.1:42828 failed to connect over ssl: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000000580109000000000c70696e672d616464726573730000002431323161626637302d633833322d346430622d383436622d3834393061323661323361320000a43a000000096c6f63616c686f7374000000040000000470696e67
So I'm probably overwriting the SSL configuration somehow in my code...
Reply all
Reply to author
Forward
0 new messages