Feat[bmq, mqb]: Support TLS listeners #549
93f478c to a1e957d
Very quick pass on the draft
"loggingVerbosity": "TRACE", | ||
"consoleSeverityThreshold": "TRACE", |
Is this change intentional?
No, seems like a leftover from local testing
<< ", status: " << st | ||
<< "]"; // #review st -> status? bug here before |
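Review bot: The trailing "// #review st -> status? bug here before" comment on the << "]"; line is a review marker rather than documentation and should not be merged. Resolve the question in this thread, remove the marker, and if the logged variable was wrong before this change, record that in the commit message instead of in the source.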
Good catch
ntca::EncryptionClientOptions encryptionClientOptions; | ||
// Set the minimum version to TLS 1.3 | ||
encryptionClientOptions.setMinMethod(ntca::EncryptionMethod::e_TLS_V1_3); | ||
encryptionClientOptions.setMaxMethod(ntca::EncryptionMethod::e_TLS_V1_3); |
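Review bot: The comment above setMinMethod documents only the minimum ("Set the minimum version to TLS 1.3"), while the setMaxMethod line below it also pins the maximum to e_TLS_V1_3, so this client is restricted to exactly one protocol version. Update the comment to say that both bounds are set to TLS 1.3 and why the maximum is capped, so the restriction reads as deliberate rather than accidental.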
Curious to see what others think here. From the ntc docs, it looks like we could use e_DEFAULT here. The client can then use v1.3 up to ntc's max supported version without needing to make code changes here (when 1.4 eventually lands)?
struct EncryptionMethod {
public:
/// Enumerate the methods of encryption.
enum Value {
/// When specified as a minimum version, the minimum version is
/// interpreted as the minimum version suggested by the current
/// standards of cryptography. When specified as a maximum version, the
/// maximum version is interpreted as the maximum version supported by
/// the implementation.
e_DEFAULT,
...
Added
=====
- TLS configuration in broker config
- Helper script for generating test certs and CAs
- TLS options for NtcChannel
- Loading certificates and authority data specified from bmqbrkrcfg.json
- SessionOptions to bmq package for configuring client sessions
- --tls-authority and --tls-version options to bmqtool to configure session options
- Client sessions will now require broker TLS sessions when TLS protocol versions are specified
- Create CertificateStore component for bmqio
- Integration tests for TLS

Changed
=======
- Update ntf-core and bde dependencies

Signed-off-by: Taylor Foxhall <tfoxhall@bloomberg.net>
Signed-off-by: Evgeny Malygin <emalygin@bloomberg.net>