+1 on that option as well.
Let the user consciously make a decision about enabling security and
configuring certificates. Providing tools would certainly simplify it
otherwise it would be daunting.
On Sat, Jan 11, 2014 at 2:22 AM, Darran Lofthouse
On 11/01/14 10:13, Arun Gupta wrote:
> Default config is Web profile ?
> Will HTTPs be not supported there ?
HTTPS is supported just not enabled by default as we don't have keys in
the distribution to be able to enable it. This is actually a topic I
want to discuss next week.
We have a few problems with having it enabled by default: -
- If we include keys in the distribution being open source those keys
are public knowledge.
- Also keys are specific to the host name used to connect to the
server so at best we could assume 'localhost' but in that scenario the
benefits of SSL are limited.
- We could create a new key on start up, this would delay the start up
time and also we have the default hostname assumption issue again.
- We could provide a set of ops and add wizards to the CLI and admin
console to manage the keys and certificates.
The latter is actually my preferred option but it would involve a little
bit of work all round but the main benefit being that a wizard gets to
ask the right questions.
> On Sat, Jan 11, 2014 at 2:01 AM, Stuart Douglas
> <stuart.w.douglas(a)gmail.com> wrote:
>> On Sat, Jan 11, 2014 at 10:56 AM, Arun Gupta <arun.gupta(a)gmail.com> wrote:
>>> - There are a bunch of ports listed in different
>>> <socket-binding-group>s in domain.xml such as for jacorb, groups-tcp,
>>> and messaging. I thought that only two ports are exposed by WildFly.
>>> What purpose do these ports serve ? What about 8443 ?
>> We are only going to have 2 ports in our default config, however when
>> running in full profile mode there are some additional services that are not
>> compatible with HTTP upgrade.
>> 8443 is the HTTPS port.
>> Jacorb is for CORBA, which cannot be done over HTTP upgrade.
>> jgroups is for clustering
>>> - What is new in jboss-cli.sh in WildFly from AS 7 ?
>>> - Where can I find the complete feature set for everything new in WF8 ?
>>> wildfly-dev mailing list
wildfly-dev mailing list