Chapter 9. Middleware Security
In this section we will discuss two different ways to enhance the security of your middleware configuration. Both of these options use Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL).
TLS protects traffic by encrypting it with a symmetric session key that the two sides agree on before any application data flows. Each side of the TLS connection can (optionally) validate the far side’s X.509 certificate. This asymmetric cryptography lets a party confirm that the far side is who it claims to be before it sends any data.
As an example, when you connect to your bank’s website, your browser performs a cryptographic validation that the website really is your bank’s site. It does this by ensuring that the bank’s public key was signed (in an X.509 certificate) by an authority that the browser recognizes and trusts.
The bank does not usually require your browser to provide a certificate back to it proving who you are, although this is a valid TLS configuration.
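The two postures just described, exercised on a loopback TLS connection, as an added example that is not from the book or from MCollective: Configs builds a broker-side and a client-side tls.Config around one constructed self-signed certificate (the name broker.example and the functions Configs and Handshake are assumptions), and Handshake returns the broker's verdict on the session. With tls.NoClientCert the broker behaves like the bank and asks nothing of the client; with tls.RequireAndVerifyClientCert the client must present a certificate the broker trusts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// Configs builds broker and client tls.Configs around one constructed self-signed certificate
// that acts as identity and trust root on both sides; a real broker presents a CA-signed one.
func Configs(auth tls.ClientAuthType) (srv, cli *tls.Config) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{"broker.example"},
		NotBefore:    time.Now(), NotAfter: time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	id := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	srv = &tls.Config{Certificates: []tls.Certificate{id}, ClientCAs: roots, ClientAuth: auth}
	cli = &tls.Config{ServerName: "broker.example", RootCAs: roots, Certificates: srv.Certificates}
	return srv, cli
}

// Handshake runs one loopback handshake and returns the broker's verdict: under TLS 1.3 a missing
// or untrusted client certificate is rejected only here, after the client's Dial has returned.
func Handshake(srv, cli *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // client side; any rejection it makes reaches the broker as a TLS alert
		if conn, err := tls.Dial("tcp", ln.Addr().String(), cli); err == nil {
			conn.Read(make([]byte, 1)) // stay connected until the broker hangs up
			conn.Close()
		}
	}()
	c, err := ln.Accept()
	if err != nil {
		return err
	}
	defer c.Close()
	return c.(*tls.Conn).Handshake()
}
```

Clearing cli.Certificates before a RequireAndVerifyClientCert handshake, or replacing cli.RootCAs with an empty x509.NewCertPool(), produces the two rejections: the broker refusing an unidentified client, and the client refusing a broker it does not recognize.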
If you wish to implement TLS encryption or Trusted TLS authentication, it is essential that you understand these configuration choices.
- Anonymous TLS Security provides the easiest way to encrypt transport between the MCollective nodes and the middleware. As with a web browser connecting to a secure website, the client is not required to have a valid TLS certificate. The secure session is set up, and end-to-end encryption protects the username ...