Bug 751845 - Allow SSL and non-SSL connections on the same port
Summary: Allow SSL and non-SSL connections on the same port
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: 2.1.2
Target Release: ---
Assignee: Gordon Sim
QA Contact: Frantisek Reznicek
URL:
Whiteboard:
Depends On:
Blocks: 754376 783492
Reported: 2011-11-07 18:41 UTC by Justin Ross
Modified: 2015-11-16 01:13 UTC

Fixed In Version: qpid-cpp-mrg-0.14-3.el5
Doc Type: Enhancement
Doc Text:
Cause: Support in the broker for listening on SSL encrypted sockets and plain TCP sockets is implemented by two distinct modules, each listening on its own port. Consequence: It is not therefore possible to serve both SSL and non-SSL connections from the same port. A deployment requiring both types needs to advertise two port numbers. This is not always possible or convenient. Change: The SSL module has been changed to optionally serve plain (non-SSL encrypted) connections using the same port. Result: If required, a single port can be advertised that will support both SSL and non-SSL traffic. This is enabled by setting the --ssl-port and --port options to the same value. Note that under this configuration there is at present no support for IPv6 addresses.
Clone Of:
Environment:
Last Closed: 2012-04-30 17:53:06 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2012:0529 | 0 | normal | SHIPPED_LIVE | Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update | 2012-04-30 21:48:25 UTC

Description Justin Ross 2011-11-07 18:41:58 UTC
See https://issues.apache.org/jira/browse/QPID-3514

Comment 2 Gordon Sim 2011-11-08 10:16:10 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:

Support in the broker for listening on SSL encrypted sockets and plain TCP sockets is implemented by two distinct modules, each listening on its own port.

Consequence:

It is not therefore possible to serve both SSL and non-SSL connections from the same port. A deployment requiring both types needs to advertise two port numbers. This is not always possible or convenient.

Change:

The SSL module has been changed to optionally serve plain (non-SSL encrypted) connections using the same port.

Result:

If required, a single port can be advertised that will support both SSL and non-SSL traffic. This is enabled by setting the --ssl-port and --port options to the same value. Note that under this configuration there is at present no support for IPv6 addresses.
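
The technical note above does not say how the broker tells the two kinds of connection apart. As an added example (not qpid-cpp code), here is one common way a listener can do it: peek at the first bytes and branch on the TLS record header versus the AMQP protocol header. All names are hypothetical, and `sharedPort` stands for --ssl-port and --port being set to the same value.

```cpp
// Added example, hypothetical names. Assumes the listener peeks at the first bytes.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum class Wire { NeedMore, Tls, Sslv2Hello, PlainAmqp, Unknown };
enum class Action { Wait, TlsHandshake, ServePlain, Close };

// Classify a new connection from bytes peeked off the socket (not consumed).
Wire classify(const uint8_t* b, size_t n) {
    if (n < 5) return Wire::NeedMore;                 // too short to decide
    // Every AMQP protocol header begins with the ASCII magic "AMQP".
    if (std::memcmp(b, "AMQP", 4) == 0) return Wire::PlainAmqp;
    // TLS/SSLv3 record header: type 0x16 (handshake), version major 0x03.
    if (b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04) return Wire::Tls;
    // SSLv2-format ClientHello: length with high bit set, message type 1,
    // then the offered version (0x0002 or 0x03xx).
    if ((b[0] & 0x80) && b[2] == 0x01 &&
        (b[3] == 0x03 || (b[3] == 0x00 && b[4] == 0x02))) return Wire::Sslv2Hello;
    return Wire::Unknown;
}

// sharedPort models --ssl-port and --port being set to the same value.
Action decide(Wire w, bool sharedPort) {
    switch (w) {
        case Wire::NeedMore:   return Action::Wait;
        case Wire::Tls:
        case Wire::Sslv2Hello: return Action::TlsHandshake;
        case Wire::PlainAmqp:  return sharedPort ? Action::ServePlain : Action::Close;
        default:               return Action::Close;  // neither protocol
    }
}

// Constructed sample inputs (not captured traffic).
static const uint8_t kAmqp010[]  = {'A', 'M', 'Q', 'P', 1, 1, 0, 10};
static const uint8_t kTlsHello[] = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01};
static const uint8_t kV2Hello[]  = {0x80, 0x2e, 0x01, 0x03, 0x01};
static const uint8_t kHttp[]     = {'G', 'E', 'T', ' ', '/', ' '};

int main() {
    const bool shared = true;  // --ssl-port == --port
    std::printf("amqp=%d tls=%d v2=%d http=%d\n",
                (int)decide(classify(kAmqp010, sizeof kAmqp010), shared),
                (int)decide(classify(kTlsHello, sizeof kTlsHello), shared),
                (int)decide(classify(kV2Hello, sizeof kV2Hello), shared),
                (int)decide(classify(kHttp, sizeof kHttp), shared));
    return 0;
}
```

On a shared port, the port number no longer indicates whether a given connection is encrypted.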

Comment 5 Frantisek Reznicek 2012-01-20 08:35:35 UTC
The feature has been implemented and it's proved to be functional on RHEL 5.7 / 6.2 i[36]86 / x86_64 on packages:

python-qpid-0.14-1.el5
python-qpid-qmf-0.14-2.el5
qpid-cpp-client-0.14-4.el5
qpid-cpp-client-devel-0.14-4.el5
qpid-cpp-client-devel-docs-0.14-4.el5
qpid-cpp-client-rdma-0.14-4.el5
qpid-cpp-client-ssl-0.14-4.el5
qpid-cpp-mrg-debuginfo-0.14-4.el5
qpid-cpp-server-0.14-4.el5
qpid-cpp-server-cluster-0.14-4.el5
qpid-cpp-server-devel-0.14-4.el5
qpid-cpp-server-rdma-0.14-4.el5
qpid-cpp-server-ssl-0.14-4.el5
qpid-cpp-server-store-0.14-4.el5
qpid-cpp-server-xml-0.14-4.el5
qpid-java-client-0.14-1.el5
qpid-java-common-0.14-1.el5
qpid-java-example-0.14-1.el5
qpid-qmf-0.14-2.el5
qpid-qmf-debuginfo-0.14-2.el5
qpid-qmf-devel-0.14-2.el5
qpid-tests-0.14-1.el5
qpid-tools-0.14-1.el5
ruby-qpid-qmf-0.14-2.el5

-> VERIFIED

Comment 6 errata-xmlrpc 2012-04-30 17:53:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0529.html

