Bug 754376 - Document multiplexing of SSL and non-SSL connections over single port
Summary: Document multiplexing of SSL and non-SSL connections over single port
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Programming_Reference
Version: Development
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: 2.2
: ---
Assignee: Joshua Wulf
QA Contact: ecs-bugs
URL:
Whiteboard:
Depends On: 751845
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-16 10:04 UTC by Gordon Sim
Modified: 2014-10-19 22:59 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-20 03:13:16 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Gordon Sim 2011-11-16 10:04:21 UTC 
I.e. documenting the feature implemented in response to bug 751845.

I would suggest a note in the 'Enabling SSL for the MRG Messaging broker' section of 10.3 of the User Guide. It could be at the end or it could be tied to the description of --ssl-port. It could read something like the following:

  If the ssl port chosen is the same as the port for non-SSL connections
  (i.e. if the --ssl-port and --port options are the same), then both SSL
  encrypted and unencrypted connections can be established to that same
  port. In this configuration however there is no support for IPv6. 

We may or may not want to add that the SSL handshake is done on the thread accepting connections. It has a built in timeout, but it could be used by malicious clients to delay the handshake completion in order to impede the accepting of new connections.
Comment 2 David Ryan 2012-09-13 07:25:32 UTC 
Verified on stage.
Comment 3 Cheryn Tan 2012-09-20 02:53:50 UTC 
Released for MRG 2.2
Note You need to log in before you can comment on or make changes to this bug.