...

  • Security: The connection is secured by symmetric key cryptography. The key for this symmetric encryption is generated at the beginning of a connection and is based on a shared secret between the client and the server.
  • Authentication: The communicating parties can optionally be authenticated.
  • Integrity: Each message transmitted includes a message integrity check using a message authentication code.

The router supports SSL in server mode—external entities can enable SSL for their connection to the router—but the router currently does not have the option to enable SSL in client mode.

We need the following to enable SSL between router and app-fabric-server for two-way authentication:

  • Enable SSL in client mode on the router:
    • Needs a key store
    • Needs a certificate
  • Enable app-fabric-server to accept SSL connection requests:
    • Needs a key store
    • Needs a certificate

We can choose to not authenticate the client. This is what we plan to do for 4.0.

TLS/SSL needs a trust store and a keystore to function: the keystore holds a party's own private key and certificate, and the trust store holds the certificates it will accept from peers.

...

SASL allows users to plug in the authentication and encryption system that suits their needs. Some SASL mechanisms support only authentication, while others support use of a negotiated security layer after authentication. The security layer feature is often not used when the application uses some other means, such as SSL/TLS, to communicate securely with the peer.

...

Plan for 4.0

For 4.0 we are only focussing on encryption and not authentication. The server will send a generated unsigned certificate on connection initiation and the client will accept that without verification. The client and the server will then continue with the SSL handshake and encrypt the resulting connection.
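What the 4.0 plan gives up is the certificate check itself. The following Go program is an added illustration, not code from the router or app-fabric-server project: it generates a self-signed server certificate like the one the plan describes, shows that it fails verification against an empty trust store but passes once it has been pinned into one, and builds the encryption-only client setting next to the verifying one. The host name app-fabric-server.example and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewSelfSigned makes a throwaway self-signed certificate for host, standing in for the
// generated certificate the 4.0 plan has the server present (constructed for this example).
func NewSelfSigned(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PeerAccepted is the verification step the 4.0 plan skips: does the certificate a peer
// presents for host chain to the trust store? A self-signed one only passes when pinned there.
func PeerAccepted(presented *x509.Certificate, trust *x509.CertPool, host string) bool {
	_, err := presented.Verify(x509.VerifyOptions{Roots: trust, DNSName: host})
	return err == nil
}

// EncryptionOnlyClient is the 4.0 router-side setting: encrypt, but accept any server certificate.
func EncryptionOnlyClient() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS12}
}

// AuthenticatedClient is the stricter setting: verify the server against an explicit trust store.
func AuthenticatedClient(trust *x509.CertPool, host string) *tls.Config {
	return &tls.Config{RootCAs: trust, ServerName: host, MinVersion: tls.VersionTLS12}
}
```

With EncryptionOnlyClient the connection is encrypted but any party that answers on the server's port is accepted; AuthenticatedClient only accepts a server whose certificate is in the trust store.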

...