The company I work for has a hard requirement that any traffic that crosses major network boundaries be encrypted. We have GoCD Servers in special zones that are accessible to our developers' workstations and GoCD Agents in every zone, including those that are not accessible to developers' workstations. This means we have a hard requirement on GoCD Agent to GoCD Server communication being fully encrypted, but it is not. We do understand what is being sent by HTTP and agree that it poses little to no risk, but our policy governing inter-zone communication is non-negotiable.
Currently we have GoCD Agents communicating with the server by wrapping the comms in stunnel, which works, but has proven to be fragile. We wish to remove stunnel to improve stability of the service we are offering the devs. How can we get rid of the initial communication that occurs over HTTP (defaults to 8153) or move that communication to HTTPS? This must be possible. Is it already baked into newer versions (we are on 15.2) and is it a simple configuration option? If not, is it on the development backlog somewhere? If it's not available currently or planned, why is it not planned? Our investment in keeping stunnel working is becoming so costly, we have considered contributing code to add this and other features.
