On 14 August 2012 20:40, Rajith Attapattu <[email protected]> wrote:

> Rafi,
>
> From what I understand there are two ways to use SSL/TLS with AMQP 1.0
>
> a) A secure connection is established right off the bat.
>
> b) A regular tcp connection is established and then based on the AMQP
> header (with a protocol id of 2) you start encrypting the packets that
> follow.

I'm not sure we have a pressing need to support this mechanism. A pattern that would potentially be more interesting is to run TLS and non-TLS connections on the same port.

> The first option seems fairly straightforward. For the second,
>
> 1. Once we get the AMQP header indicating we need to use TLS, should
> we expect the SASL header to follow?
> 2. If we have TLS connection, is SASL authentication optional?

Yes, theoretically a peer may be configured such that the authentication offered by TLS is sufficient and therefore no SASL exchange is required.

> Additionally can the peers choose to use SASL encryption? If so how do
> we figure that out?
> I didn't find that information under "Book 5 : Security section "

Do the relevant SASL mechanisms not make clear when the encryption of the session begins? I don't believe there is anything special we need to do to "figure out" when SASL encryption is being used, is there?

-- Rob

> Regards,
>
> Rajith
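
The shared-port pattern and the protocol-id header discussed in this thread, as an added example that is not part of the original messages or of any project's code: a listener inspects the first bytes from the client to tell a direct TLS handshake from an AMQP 1.0 protocol header. The function name and return labels are hypothetical; protocol id 2 is the value quoted above, while ids 0 (plain AMQP) and 3 (SASL) and the 1.0.0 version bytes are taken from the AMQP 1.0 specification.

```python
import struct

AMQP_MAGIC = b"AMQP"
HEADER_LEN = 8  # "AMQP" + protocol id + major + minor + revision

# Protocol id 2 (TLS) is the value quoted in the thread; 0 (plain AMQP)
# and 3 (SASL) come from the AMQP 1.0 specification, not from the thread.
PROTOCOL_IDS = {0: "amqp", 2: "amqp-tls-upgrade", 3: "amqp-sasl"}


def classify_preamble(data: bytes) -> str:
    """Classify the first bytes a client sends on a shared TLS/non-TLS port.

    Returns 'need-more-data', 'tls-direct', a value of PROTOCOL_IDS,
    or 'reject' (the listener should close the connection).
    """
    if not data:
        return "need-more-data"

    # A TLS record starts with content type 0x16 (handshake) followed by
    # version major 0x03. SSLv2-style hellos are deliberately not accepted.
    if data[0] == 0x16:
        if len(data) < 2:
            return "need-more-data"
        return "tls-direct" if data[1] == 0x03 else "reject"

    # Otherwise the bytes must be (a prefix of) the 8-byte AMQP header.
    magic_seen = data[:4]
    if magic_seen != AMQP_MAGIC[: len(magic_seen)]:
        return "reject"
    if len(data) < HEADER_LEN:
        return "need-more-data"

    proto_id, major, minor, revision = struct.unpack("4B", data[4:HEADER_LEN])
    if (major, minor, revision) != (1, 0, 0):
        return "reject"
    # Unknown protocol ids fail closed rather than falling through to AMQP.
    return PROTOCOL_IDS.get(proto_id, "reject")


if __name__ == "__main__":
    # Constructed sample preambles, not captured traffic.
    for sample in (b"AMQP\x02\x01\x00\x00", b"\x16\x03\x01\x00\xa5", b"GET / HT"):
        print(sample, "->", classify_preamble(sample))
```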
