Bug 754376

Summary: Document multiplexing of SSL and non-SSL connections over single port
Product: Red Hat Enterprise MRG
Reporter: Gordon Sim <gsim>
Component: Messaging_Programming_Reference
Assignee: Joshua Wulf <jwulf>
Status: CLOSED CURRENTRELEASE
QA Contact: ecs-bugs
Severity: unspecified
Priority: unspecified
Version: Development
CC: chetan, dryan, lcarlon
Target Milestone: 2.2
Keywords: Documentation
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-09-20 03:13:16 UTC
Bug Depends On: 751845

Description Gordon Sim 2011-11-16 10:04:21 UTC
I.e. documenting the feature implemented in response to bug 751845.

I would suggest a note in the 'Enabling SSL for the MRG Messaging broker' section of 10.3 of the User Guide. It could be at the end or it could be tied to the description of --ssl-port. It could read something like the following:

  If the SSL port chosen is the same as the port for non-SSL connections
  (i.e. if the --ssl-port and --port options are the same), then both SSL
  encrypted and unencrypted connections can be established to that same
  port. In this configuration, however, there is no support for IPv6.

We may or may not want to add that the SSL handshake is done on the thread accepting connections. It has a built-in timeout, but it could be used by malicious clients to delay the handshake completion in order to impede the accepting of new connections.
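
The accept-thread concern raised in the description, as an added illustration (not code from this bug or from the broker): a single-port listener has to look at a client's first bytes to tell SSL from plain AMQP, and doing that on worker threads under one overall deadline keeps a stalling client from holding up `accept()`. The names `classify`, `sniff`, `accept_loop` and `PEEK_LEN` are hypothetical; the byte checks assume the standard TLS record header, the SSLv2-format ClientHello and the `AMQP` protocol header.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

PEEK_LEN = 5  # enough for a TLS record header or the "AMQP" magic


def classify(prefix: bytes) -> str:
    """Classify the first bytes a client sent on the shared port."""
    if len(prefix) >= 3 and prefix[0] == 0x16 and prefix[1] == 0x03:
        return "tls"      # record type 0x16 (handshake), major version 3
    if len(prefix) >= 3 and prefix[0] & 0x80 and prefix[2] == 0x01:
        return "sslv2"    # SSLv2-format ClientHello: length high bit set, msg type 1
    if prefix[:4] == b"AMQP":
        return "amqp"     # plaintext AMQP protocol header
    return "unknown"


def sniff(conn: socket.socket, timeout: float = 2.0) -> str:
    """Peek (without consuming) at the first bytes under ONE overall deadline,
    so a client that drips bytes cannot keep resetting a per-read timeout."""
    deadline = time.monotonic() + timeout
    prefix = b""
    while len(prefix) < PEEK_LEN:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"
        conn.settimeout(remaining)
        try:
            prefix = conn.recv(PEEK_LEN, socket.MSG_PEEK)
        except socket.timeout:
            return "timeout"
        if not prefix:
            return "closed"
        if len(prefix) < PEEK_LEN:
            time.sleep(0.01)  # partial data: peek again shortly, no busy spin
    return classify(prefix)


def accept_loop(listener: socket.socket, handle, workers: int = 8) -> None:
    """The accepting thread only accepts; sniffing (and any handshake done in
    handle) runs on pool workers, so a stalled client occupies one worker."""
    pool = ThreadPoolExecutor(max_workers=workers)
    try:
        while True:
            conn, _addr = listener.accept()
            pool.submit(lambda c=conn: handle(c, sniff(c)))
    except OSError:
        pass  # listener was closed
    finally:
        pool.shutdown(wait=False)
```

The worker pool is bounded, so enough stalling clients can still queue new connections behind them; the deadline in `sniff` is what limits how long each one can hold a worker.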

Comment 2 David Ryan 2012-09-13 07:25:32 UTC
Verified on stage.

Comment 3 Cheryn Tan 2012-09-20 02:53:50 UTC
Released for MRG 2.2