Support encrypted binary protocol (Tarantool Enterprise) #22

Open
Totktonada opened this issue Jun 18, 2022 · 0 comments · May be fixed by #28

The connector should be able to connect to Tarantool Enterprise using the encrypted protocol.

Documentation: https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Similar issues in other Tarantool connectors:

(We plan to implement it in Q3'2022. The issue is filed for planning/tracking purposes.)

DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 10, 2022
Stream tests use `tarantool -V` output to check version. For Tarantool
Enterprise, `tarantool -V` output is "Tarantool Enterprise <version>",
thus it is incorrect to extract the version tag by splitting by spaces.

Part of igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 10, 2022
"transport" is a keyword that is used to define SSL connection in
Tarantool Enterprise 2.10 and newer. It would be convenient to use
`self._transport` to store user input `transport` variable, but this
name is already used to store connection transport. This patch renames
the instance variable.

Part of igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 10, 2022
This patch adds support for using SSL to encrypt the client-server
communications [1]. The patch is based on a similar patch in
tarantool/tarantool-python connector [2].

To use SSL encrypted connection, use Connection parameters:

  conn = asynctnt.Connection(host='127.0.0.1',
                             port=3301,
                             transport=asynctnt.Transport.SSL,
                             ssl_key_file='./ssl/host.key',
                             ssl_cert_file='./ssl/host.crt',
                             ssl_ca_file='./ssl/ca.crt',
                             ssl_ciphers='ECDHE-RSA-AES256-GCM-SHA384')

If Tarantool server uses "ssl" transport, client connection also needs to
use asynctnt.Transport.SSL transport. If server side had ssl_ca_file
set, ssl_key_file and ssl_cert_file are mandatory from the client side,
otherwise optional. CA file and ciphers are optional. See available
ciphers in Tarantool EE documentation [3].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption
2. tarantool/tarantool-python#220
3. https://www.tarantool.io/en/enterprise_doc/security/#supported-ciphers

Closes igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 10, 2022
SSL encrypted server could be started with Tarantool Enterprise 2.10 or
newer. To configure encryption, additional listen params must be passed.
ssl_key_file and ssl_cert_file are mandatory if transport is
asynctnt.Transport.SSL.

Follows up igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 10, 2022
To run SSL tests, use Tarantool Enterprise 2.10 or newer and set
TEST_TT_SSL=TRUE flag.

Follows up igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 11, 2022
To run SSL tests, use Tarantool Enterprise 2.10 or newer and set
TEST_TT_SSL=TRUE flag. The patch is based on a similar patch in
tarantool/tarantool-python connector [1].

1. tarantool/tarantool-python#220

Follows up igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 11, 2022
This patch adds support for using SSL to encrypt the client-server
communications [1]. The patch is based on a similar patch in
tarantool/tarantool-python connector [2].

To use SSL encrypted connection, use Connection parameters:

  conn = asynctnt.Connection(host='127.0.0.1',
                             port=3301,
                             transport=asynctnt.Transport.SSL,
                             ssl_key_file='./ssl/host.key',
                             ssl_cert_file='./ssl/host.crt',
                             ssl_ca_file='./ssl/ca.crt',
                             ssl_ciphers='ECDHE-RSA-AES256-GCM-SHA384')

If Tarantool server uses "ssl" transport, client connection also needs to
use asynctnt.Transport.SSL transport. If server side had ssl_ca_file
set, ssl_key_file and ssl_cert_file are mandatory from the client side,
otherwise optional. CA file and ciphers are optional. See available
ciphers in Tarantool EE documentation [3].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption
2. tarantool/tarantool-python#220
3. https://www.tarantool.io/en/enterprise_doc/security/#supported-ciphers

Closes igorcoding#22
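
An added sketch, not code from asynctnt or tarantool-python: one way options named like those in the commit message above map onto Python's standard `ssl` module, and what leaving out the CA file means for server verification. `build_client_context`, `summarize` and `allow_unverified` are hypothetical names, and refusing to build a context without a CA file unless explicitly allowed is this example's own choice, not documented connector behaviour.

```python
import ssl


def build_client_context(key_file=None, cert_file=None, ca_file=None,
                         ciphers=None, allow_unverified=False):
    """Hypothetical helper mirroring ssl_key_file / ssl_cert_file /
    ssl_ca_file / ssl_ciphers on top of the standard-library ssl module."""
    # A client certificate is useless without its private key and vice versa.
    if bool(key_file) != bool(cert_file):
        raise ValueError("ssl_key_file and ssl_cert_file must be set together")

    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        # Server certificate is validated against this CA only.
        ctx.load_verify_locations(cafile=ca_file)
    elif allow_unverified:
        # Encrypted but unauthenticated: the peer's certificate is not checked.
        ctx.check_hostname = False      # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    else:
        raise ValueError("no ssl_ca_file: server certificate cannot be verified")

    if cert_file:
        # Needed when the server requests a client certificate (mutual TLS).
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    if ciphers:
        # OpenSSL cipher string; it does not affect TLS 1.3 suites.
        ctx.set_ciphers(ciphers)
    return ctx


def summarize(ctx):
    """Report the security-relevant state of a context for review or logging."""
    return {
        "verifies_server": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        # TLS 1.3 suite names start with "TLS_"; the rest are what set_ciphers controls.
        "non_tls13_ciphers": [c["name"] for c in ctx.get_ciphers()
                              if not c["name"].startswith("TLS_")],
    }


if __name__ == "__main__":
    # Constructed input: no certificate files, so verification is explicitly waived.
    demo = build_client_context(ciphers="ECDHE-RSA-AES256-GCM-SHA384",
                                allow_unverified=True)
    print(summarize(demo))
```
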
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 11, 2022
SSL encrypted server could be started with Tarantool Enterprise 2.10 or
newer. To configure encryption, additional listen params must be passed.
ssl_key_file and ssl_cert_file are mandatory if transport is
asynctnt.Transport.SSL.

Follows up igorcoding#22
DifferentialOrange added a commit to DifferentialOrange/asynctnt that referenced this issue Aug 11, 2022
To run SSL tests, use Tarantool Enterprise 2.10 or newer and set
TEST_TT_SSL=TRUE flag. The patch is based on a similar patch in
tarantool/tarantool-python connector [1].

1. tarantool/tarantool-python#220

Follows up igorcoding#22
@DifferentialOrange DifferentialOrange linked a pull request Aug 11, 2022 that will close this issue