| Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time |
|
Some scenarios ... because I have a little confusion on the possibilities ...
1) hono.server.keyStorePath = null hono.server.port not configured hono.server.unsecurePort not configured (or hono.server.unsecurePort = <unsecure_port>)
Hono server opens only the default "unsecure" 5672 (or <unsecure_port>) port or throws an exception because we want AT LEAST the secured one ? So "unsecure port" not configured means ... no open this port
2) hono.server.keyStorePath = <keyStorePath> hono.server.port
not configured (or hono.server.port not configured = <port>) hono.server.unsecurePort
not configured
Hono server opens only the default "secure" 5671 port (or <port>)
3)
hono.server.keyStorePath = <keyStorePath>
hono.server.port not configured (or hono.server.port not configured = <port>) hono.server.unsecurePort = <unsecure_port>
Hono server opens both default "secure" 5671 (or <port>) and <unsecure_port>
What is the way to open both default ports ?
It seems to me that setting or not hono.server.keyStorePath --> open or not a "secure" port
But what about opening the "unsecure" one ? Not configured --> open the default 5672 or not open it ?
Thanks, Paolo
Paolo Patierno
Senior Software Engineer (IoT) @ Red Hat
Microsoft MVP on Windows Embedded & IoT Microsoft Azure Advisor
From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> on behalf of Maas Ingo (INST/ECS4) <Ingo.Maas@xxxxxxxxxxxx>
Sent: Monday, March 06, 2017 3:48 PM To: hono developer discussions Subject: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time Improving Kai's proposal, I would prefer "insecure" instead of "unsecure".
Kind regards, Ingo Maas Bosch Software Innovations GmbH INST/ECS4 Schöneberger Ufer 89 - 91 10785 Berlin GERMANY www.bosch-si.de Tel. +49 30 726112-156 Fax +49 30 726112-100 ingo.maas@xxxxxxxxxxxx Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn ________________________________________ Von: hono-dev-bounces@xxxxxxxxxxx [hono-dev-bounces@xxxxxxxxxxx]" im Auftrag von "Hudalla Kai (INST/ECS4) [Kai.Hudalla@xxxxxxxxxxxx] Gesendet: Montag, 6. März 2017 14:33 An: hono-dev@xxxxxxxxxxx Betreff: Re: [hono-dev] Support for encrypted and unencrypted AMQP port in Hono at the same time Hi Karsten, thanks for the proposal. I have added some comments below... Kai On Mon, 2017-03-06 at 12:09 +0000, Frank Karsten (INST/ECS4) wrote: > Hello, > > while writing a HelloWorld tutorial for Hono to produce a Java client that is > as simple as possible, > I found out that: > > - the Hono client is written for both variants (encrypted/unencrypted) and > switches to "amqps" resp. "amqp" as protocol designator > > - the Hono server though currently can be configured to EITHER encrypted (based > on hono.server.keyStorePath) OR unencrypted (if hono.server.keyStorePath is > null, i.e. not configured) communication > > > -> I propose to make the Hono server more flexible, so that both variants can > be supported at the same time. > > > Following I have in mind: > > 1.) default should remain "only one port configured for SSL" > agreed, we should always bind a "secure" port if keys are configured > Hono server will always insist on finding this already available port and > behaves like implemented: opens it for EITHER encrypted OR unencrypted > communication. > > Configuration: > > hono: > server: > port: 5672 > > if keys are configured the secure port should better be 5671 which is the IANA registered port for AMQPS (aka AMQP over TLS) > 2.) optionally a second port can be opened > > Configuration: > > hono: > server: > unEncryptedPort: 5671 > I'd rather call the ports "secure" and "unsecure" and the default for "unsecure" should be 5672 (as defined by the spec) > > If Hono server additionally finds the port "unEncryptedPort" configured, it > will open this as well and always opens it for unencrypted communication. > > 3.) Hono client remains unchanged - it already works with both variants of > server ports. > IMHO we should adapt its behavior based on the default ports for secure and unsecure communication, i.e. if no port is specified but a trust store is configured, we should assume 5671 as the port, otherwise 5672 > > What do you think? > > Looking forward to feedback... > > Karsten (sysexcontrol) > > Bosch Software Innovations GmbH > Development Core Products (INST/ECS6-Be) > Schöneberger Ufer 89-91 > 10785 Berlin > GERMANY > www.bosch-si.de > www.blog.bosch-si.com > > Tel. +49 30 726112-403 > Fax +49 30 726112-100 > Karsten.Frank@xxxxxxxxxxxx > > Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB > 148411 B > Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn > > _______________________________________________ > hono-dev mailing list > hono-dev@xxxxxxxxxxx > To change your delivery options, retrieve your password, or unsubscribe from > this list, visit > https://dev.eclipse.org/mailman/listinfo/hono-dev _______________________________________________ hono-dev mailing list hono-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/hono-dev _______________________________________________ hono-dev mailing list hono-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/hono-dev |