[teiid-issues] [JBoss JIRA] (TEIIDSB-86) Plans for secure socket transports

Steven Hawkins (Jira) issues at jboss.org
Tue May 14 10:09:00 EDT 2019 

    [ https://issues.jboss.org/browse/TEIIDSB-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13733275#comment-13733275 ] 

Steven Hawkins commented on TEIIDSB-86:
---------------------------------------

an sni passthrough route works as expected, with the caveat that using anonymous ssl seems problematic.  Using a static security.setproperty to update the disabled did not work - it does work in the same spring boot app locally.  That's something we can look at later.

This is where things stand:

||Secure Transport Options||Teiid JDBC||PG||
|End-to-end (internal and external) - Need to allow ssl configuration with either a user-provided cert or a generated one|passthrough route or loadbalancer for external|loadbalancer for external|
|Secure External and Clear Internal - Same as above for external - need to allow ssl configuration with either a user-provided cert or a generated one|Would require separate transports|Would require separate transports or an update to the logic requiring a secure connection based upon internal vs. external traffic|
|Clear|loadbalancer for external|loadbalancer for external|

Based upon all of this we should probably offer the following:

* clear transports (current), or 1-way secure transports using the service generated certificate (I'll validate that this works as expected)
* optional external exposure with a loadbalancer, which works for both transports with or without ssl.

It could be documented how to utilize a router for secure jdbc as well.  Two-way authentication and user supplied certs could be considered later.

> Plans for secure socket transports
> ----------------------------------
>
>                 Key: TEIIDSB-86
>                 URL: https://issues.jboss.org/browse/TEIIDSB-86
>             Project: Teiid Spring Boot
>          Issue Type: Quality Risk
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>            Priority: Major
>             Fix For: 1.1.0
>
>
> The Teiid Spring Boot configuration allows for only non-secured pg / JDBC socket transports.  For external client scenarios and even for varying degrees of compliance with intra-cluster traffic, a secure layer may be required.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the teiid-issues mailing list