[teiid-issues] [JBoss JIRA] (TEIIDSB-86) Plans for secure socket transports
Steven Hawkins (Jira)
issues at jboss.org
Thu May 2 09:53:00 EDT 2019
[ https://issues.jboss.org/browse/TEIIDSB-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13729041#comment-13729041 ]
Steven Hawkins commented on TEIIDSB-86:
---------------------------------------
On the teiid properties we either need to be able to specify truststore/keystore properties or assume that all relevant javax ssl properties will be set. However we currently expect at least an explicit setting for the ssl mode (enabled, disable, login). There is an optional setting for the authentication type (one-way, two-way, anonymous) - we can probably ignore the anonymous type for now.
On the openshift side, I think there was some initiative to add the cluster certificates to the default java image truststore. Here's a description of how it works manually with init containers: https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/
So with an additional service annotation we can have a service serving certificates secret and can use that as the private key.
> Plans for secure socket transports
> ----------------------------------
>
> Key: TEIIDSB-86
> URL: https://issues.jboss.org/browse/TEIIDSB-86
> Project: Teiid Spring Boot
> Issue Type: Quality Risk
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 1.1.0
>
>
> The Teiid Spring Boot configuration allows for only non-secured pg / JDBC socket transports. For external client scenarios and even for varying degrees of compliance with intra-cluster traffic, a secure layer may be required.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the teiid-issues
mailing list