qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Proposed SASL changes (API and functional)
Date Tue, 03 Mar 2015 18:43:58 GMT
On Tue, 2015-03-03 at 15:28 +0000, Gordon Sim wrote:
> On 03/03/2015 01:50 AM, Andrew Stitcher wrote:
> > On Mon, 2015-03-02 at 18:41 +0000, Gordon Sim wrote:
> >> In fact the c++ broker doesn't use an AMQP 1.0 style layer for SSL at
> >> all - i.e. it does not recognise the special AMQP 1.0 TLS header sent in
> >> the clear prior to TLS handshaking as described in 5.2 of the AMQP spec.
> >> The qpid::messaging c++ client doesn't send one either. Both use the
> >> 'alternative establishment' as described by 5.2.1 (though for a
> >> different reason than the one suggested there). So yet another point of
> >> possible interoperability issues.
> >
> > FYI: Currently Proton-C does not support the "AMQP 1.0" style SSL header
> > either to send or receive (they are recognised for error message
> > purposes currently)
> 
> Thanks for the clarification! I was planning to investigate that, since 
> I knew that ssl 'works' between proton-c and qpidd.
> 
> > - this is a piece of work I have scheduled post the
> > SASL integration.
> 
> We probably want to retain some way of using the 'alternative 
> establishment' as well, in order to not lose interop.

Here my focus is on the server end autodetection, so better interop is
achieved by coping with both SSL alternatives.

I think that initially, the correct default for the client should be to
use the AMQP 1.0 type header for the default port (5672) and the
"alternative establishment" for other ports (5761 or other). 

Andrew



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message