SSL for EventBus

[Jori]

I'm just about to start using vertx; checked the documentation.

What is not clear for me:  is there a possibility to secure the eventBus communication using SSL?
How can I prevent others from reading eavesdropping the communication on the event bus?
(Am I missing something?)

Is this feature out of scope for vertx?

[Hoan Nguyen Van]

I think current there is no security for EventBus.

Vào 02:50:00 UTC+7 Thứ tư, ngày 24 tháng tư năm 2013, Jori đã viết:

[Jori]

So possible options are:

- add a custom implementation of the event bus "simply" using TSL
  (don't know if this would be easy)

- do the security outside of vertx: make the eventbus connect to a localhost component
  (possibly implemented using vertx) that handles TSL transparently.
  (it may be necessary to change vertx to make it connect to localhost?)

Any other options?

[Tim Fox]

A vert.x cluster is intended to be used on your own LAN where you
control the security so encryption wouldn't normally be necessary.

Can you elaborate why you need this feature? Are you intending on
running Vert.x on a public network?

> --
> You received this message because you are subscribed to the Google
> Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to vertx+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[Jori]

Generally speaking, I'm thinking of a system of nodes with different roles.

Each of the nodes runs a vertx-instance and communication is done over
the distributed eventbus (loose coupling, no need to know connection details
about the receiving node(s) ).

The network is not necessarily a public one (can be) but normally a LAN / WLAN.
Part of the nodes are mobile devices.
I also want to allow other nodes / devices to use the LAN, but not being able to
read the communication on the event bus (in case of a public network this even more
of a concern).
Thats why I want to have encryption.

If TSL for the event bus is currently not possible, what about my other options I proposed?

[Tim Fox]

Currently there is no encryption between the server side nodes on the LAN, since we assume this is your own LAN and you can limit access.

There is encryption out to browser nodes of the event bus via the normal https, wss means.

Please feel free to add a github issue feature request for encryption of the server node traffic.

[Jori]

As you proposed, I added an issue on github.

[Richard Warburton]

Hi,

As you proposed, I added an issue on github.

+1 for this feature, but I couldn't find the issue you filed - what's its number?

@Timfox - are there any other problems with running vertx not on a lan?  At work we've been using for a prototype product, deployed to cloud hosting - so I'm quite interested to know if there's anything we need to be aware of.

regards,

  Richard Warburton

  http://insightfullogic.com

  @RichardWarburto

[Jori]

Its Issue #574 : Encryption for EventBus.

[Pete]

Hi All

Is there any update on this issue?

Does it apply to 3.x too?

Thanks,

Pete

[jori]

See https://github.com/eclipse/vert.x/issues/1275 for recent comments on the topic.

[ad...@cs.miami.edu]

>>  Can you elaborate why you need this feature? Are you intending on
running Vert.x on a public network?

I know this is an old thread, but since it was recently bumped I thought I would add my 2 cents in response to Tims' question.  I would be in favor of an event bus over SSL.  We run most of our servers on VPS containers which is a somewhat public network. 

In the current vert.x project I am working on, I am favoring towards http requests between JVMs on different VPSs ( as opposed to using the event but), because there is no SSL over the wire with the event box.  This may not be a bad thing as http will work fine (maybe even better as it allows more portable types of services), but the lack of SSL on the event bus made the decision for me (as opposed to a more thoughtful consideration of other features).

-Adam