Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-2920

RabbitMQ client support for SSL without client certificate or tls version

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • 2.5.34
    • 2.5.0, 2.4.1
    • messaging
    • None

    Description

      The initial implementation of ssl in rabbitMQ was done in 2.4 patch 42. It requires 3 separate properties, and if any are null, ssl is not set up:

      grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1
      		 
      grouper.messaging.system.rabbitmqSystem.pathToTrustStore = ...
      		 
      grouper.messaging.system.rabbitmqSystem.trustPassphrase = ...

       The client certificate shouldn't be strictly necessary. Also, the RabbitMQ client api even has a method to use ssl without even needing the version. Proposed:

      grouper.messaging.system.rabbitmqSystem.tlsVersion = default

      The default would be implemented the way amqp-client ConnectionFactory implements the default, which is 1.2 if it's available, otherwise 1.1. The trust store would be optional, and only used if set.

      Attachments

        Activity

          People

            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: