Chapter 11. Middleware Security

In this chapter, we will discuss two different ways to enhance the security of your middleware connection. Both options use Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL).

Note

Middleware security options control only the ability to connect to the broker. Which queues and topics a node can read from and write to is controlled by the authorizationEntry configuration documented in “Authentication and Authorization”.

MCollective has its own authorization system that controls whether or not a given MCollective request is allowed on a server, described in “Authorization”.

This layer of security only controls whether or not a node can connect to the broker and whether or not the communication is encrypted.

TLS protects traffic by encrypting it with a symmetric session key that the two sides agree on when the connection is set up; all traffic flowing between them is then encrypted with that key. In addition, each side of the TLS connection can (optionally) validate the far side’s X.509 certificate. This asymmetric-cryptography step lets a side confirm that the peer it is talking to is genuine before any application data is sent.
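To make the certificate-validation step concrete, here is an added example (not code from the book or from MCollective itself) in Ruby, the language MCollective is written in. It builds a small, constructed X.509 hierarchy in memory, a CA and a broker certificate signed by it, and then performs the two checks a TLS client does when it is configured to verify the peer: chain validation against the trusted CA, and a hostname check against the certificate. The CA name and the host name activemq.example.com are assumptions made for the example; a certificate signed by an untrusted CA is also constructed to show the check rejecting an impostor.

```ruby
require 'openssl'

# Constructed example: generate an RSA key pair in memory.
def make_key
  OpenSSL::PKey::RSA.new(2048)
end

# Constructed example: build an X.509 certificate. When issuer_cert is nil the
# certificate is self-signed (a CA root); otherwise it is signed by issuer_key.
def make_cert(subject, key, issuer_cert, issuer_key, serial, ca:, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                               # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  if ca
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  else
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature, keyEncipherment', true))
    cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san}")) if san
  end
  cert.sign(issuer_key || key, OpenSSL::Digest::SHA256.new)
  cert
end

# The check a TLS client performs with verify_peer enabled: is the peer
# certificate chained to one of the CAs we trust?
def peer_chain_trusted?(peer_cert, trusted_ca_certs)
  store = OpenSSL::X509::Store.new
  trusted_ca_certs.each { |ca| store.add_cert(ca) }
  store.verify(peer_cert)        # false (rather than an exception) on failure
end

# A valid chain is not enough: the certificate must also name the host we
# intended to reach, otherwise any certificate from the same CA would do.
def peer_identity_matches?(peer_cert, expected_host)
  OpenSSL::SSL.verify_certificate_identity(peer_cert, expected_host)
end

def broker_trusted?(peer_cert, trusted_ca_certs, expected_host)
  peer_chain_trusted?(peer_cert, trusted_ca_certs) &&
    peer_identity_matches?(peer_cert, expected_host)
end

# Constructed scenario: our CA, a genuine broker cert, and an impostor cert
# for the same host name issued by a CA we do not trust.
def demo
  ca_key  = make_key
  ca_cert = make_cert('/CN=Example MCollective CA', ca_key, nil, nil, 1, ca: true)

  broker_key  = make_key
  broker_cert = make_cert('/CN=activemq.example.com', broker_key, ca_cert, ca_key, 2,
                          ca: false, san: 'activemq.example.com')

  rogue_ca_key = make_key
  rogue_ca     = make_cert('/CN=Untrusted CA', rogue_ca_key, nil, nil, 1, ca: true)
  rogue_key    = make_key
  rogue_cert   = make_cert('/CN=activemq.example.com', rogue_key, rogue_ca, rogue_ca_key, 2,
                           ca: false, san: 'activemq.example.com')

  {
    genuine:         broker_trusted?(broker_cert, [ca_cert], 'activemq.example.com'),
    impostor:        broker_trusted?(rogue_cert,  [ca_cert], 'activemq.example.com'),
    no_trust_anchor: broker_trusted?(broker_cert, [],        'activemq.example.com'),
    wrong_host:      broker_trusted?(broker_cert, [ca_cert], 'other.example.com')
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, ok| puts "#{name}: #{ok ? 'accepted' : 'rejected'}" }
end
```

In a real MCollective or ActiveMQ deployment the OpenSSL library performs both checks inside the handshake once peer verification is switched on; the point of spelling them out here is that the trust anchor list and the expected host name are what decide whether a broker is accepted, and that a certificate from an unrecognised CA, or one issued for a different name, is rejected before any application data flows.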

Tip

When you connect to your bank’s website, the browser does a cryptographic validation that the website is really your bank’s site. It does this by ensuring that the bank’s public key was signed (in an X.509 certificate) by an authority that the browser recognizes and trusts.

The bank does not usually require your browser to provide a certificate back ...
