RE: trying to implement SSL configuration

[Liron Ben Ari]

Hi again...
After some functional test on the SSL configuration, we saw degradation of 300% 
on performance!!
Does anyone have an experience?
Is there a some special tuning that I can do?

We used this In our configuration - from documentation it looks like this is 
the only possible option to use...
(we must use the "all" option according to the GPRD regulations...)

ssl-enabled-components=all
ssl-protocols=any
ssl-ciphers=SSL_RSA_WITH_NULL_SHA
we have also change the number of threads to 0 (so it will be thread per 
connection - there was no other way...)


thanks a lot for any help :)

-Original Message-
From: Liron Ben Ari 
Sent: Sunday, June 24, 2018 12:58 PM
To: dev@geode.apache.org
Cc: Gregory Vortman 
Subject: RE: trying to implement SSL configuration

Thanks a lot for your respond Ryan,
I've used the ssl-enabled-components=all parameter.
All my c++ clients are able to connect to the locator and to send ssl events..
I have another java client that connects to the locator and I gave him the same 
parameters...
I will try changing it and will update :) thanks

Here are the parameters  I used for the server side:

ssl-enabled-components=all
ssl-protocols=any
ssl-ciphers=SSL_RSA_WITH_NULL_SHA
ssl-keystore-type=PKCS12
ssl-keystore=/users/xpiwrk1/Amdocs-Test-CA-simple/pki/private/test1.p12
ssl-keystore-password=*
ssl-truststore-type=JKS
ssl-truststore=/users/xpiwrk1/Amdocs-Test-CA-simple/Amdocs-Test-CA-simple.jks
ssl-truststore-password=changeit

-Original Message-
From: Ryan McMahon [mailto:rmcma...@pivotal.io]
Sent: Wednesday, June 20, 2018 6:57 PM
To: dev@geode.apache.org
Subject: Re: trying to implement SSL configuration

Hi Liron,


The first thing that jumps out to me when you say that GFSH could not connect 
to the JMX manager is that you need to have `jmx` in addition to `locator` in 
your `ssl-enabled-components` Geode system property.  For example, you'd need 
ssl-enabled-components=locator,jmx at a minimum for GFSH to connect.  it's a 
bit different if you pass --use-http to your `connect` command, but it doesn't 
appear you are doing that.


Ryan

On Wed, Jun 20, 2018 at 8:46 AM, Liron Ben Ari 
wrote:

> Hi ,
> Well , I managed!! All my processes are talking with SSL configuration 
> (hip hip Horay ☺) I figure out – that I need client authentication and 
> server authentication in the server certificate EKU , and that I need 
> a single  depth hierarchy , I am not sure it will be the case when I 
> wil need to implement it in the customer site…
>
> Does anyone have id why it was used like this?
>
>
> Last question…
> I am trying to configure the gfsh to connect to my locator.
> I’ve added to the connect command the needed properties…
>
native" C++ interaction have a look at geode-native/cppcache/ 
> integration-test/testThinClientSSL
> This should provide an example of connecting with SSL enabled...
>
> EB
>
> On Tue, Jun 12, 2018 at 2:48 AM, Liron Ben Ari 
> mailto:liron.ben...@amdocs.com>> wrote:
>
> We check  - the PKCS12 works  - (as  we saw it in the s_client) It 
> looks like the server did not found  a valid certificate...
>
> Maybe you have a working example? When the client is native c++?
>
> Thanks!!
>
> -Original Message-
> From: Liron Ben Ari
> Sent: Tuesday, June 12, 2018 11:25 AM
> To: Udo Kohlmeyer
> mailto:ukohlme...@pivotal.io>>;
> dev@geode.apache.org;
> u...@geode.apache.org 
> Cc: Gregory Vortman  gregory.vort...@amdocs.com>>; Vladi Polonsky 
> mailto:vladi.polon...@amdocs.com>>; Alon 
> Bar-Lev mailto:alon.bar...@amdocs.com>>
> Subject: RE: trying to implement SSL configuration
>
> Hi ,
> Thanks you for the quick respond.
> So according to the link you send, the keystore type is jks as well.
> I will try  and update...
> But according the client configuration (I found this document for it:
> http://pubs.vmware.com/vfabric53/topic/com.vmware.
> ICbase/PDF/vfabric-gemfire-nc-ug-7.0.1.pdf)
>
> The  keystore for the native client should be in PEM format.
>
>
>
> -Original Message-
> From: Udo Kohlmeyer [mailto:ukohlme...@pivotal.io ukohlme...@pivotal.io>]
> Sent: Tuesday, June 12, 2018 1:49 AM
> To: dev@geode.apache.org; Liron Ben Ari < 
> liron.ben...@amdocs.com>;
> u...@geode.apache.org
> Cc: Gregory Vortman  gregory.vort...@amdocs.com>>; Vladi Polonsky 
> mailto:vladi.polon...@amdocs.com>>; Alon 
> Bar-Lev mailto:alon.bar...@amdocs.com>>
> Subject: Re: trying to implement SSL configuration
>
> Hi there,
>
> Have you tried the following?
>
> https://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/index.html
>
> I have not tried to use a PKCS12 keystore type. Was there a particular 
> reason why you are using it? Could you try with a JKS?
>
> --Udo
>
> On 6/11/18 03:31, Liron Ben Ari wrote:
> > Hello team.
> > I am trying to move my Client server to work with SSL as part of
> Security POC we are 

Build failed in Jenkins: Geode-nightly #1244

[Apache Jenkins Server]

See 

--
[...truncated 112.38 KB...]
> Task :geode-connectors:test
> Task :geode-core:assemble
> Task :geode-core:checkMissedTests
> Task :geode-core:spotlessJava
> Task :geode-core:spotlessJavaCheck
> Task :geode-core:spotlessCheck
> Task :geode-core:test
> Task :geode-cq:assemble

> Task :geode-cq:compileTestJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

> Task :geode-cq:processTestResources
> Task :geode-cq:testClasses
> Task :geode-cq:checkMissedTests
> Task :geode-cq:spotlessJava
> Task :geode-cq:spotlessJavaCheck
> Task :geode-cq:spotlessCheck
> Task :geode-cq:test
> Task :geode-experimental-driver:jar
> Task :geode-experimental-driver:javadoc
> Task :geode-experimental-driver:javadocJar
> Task :geode-experimental-driver:sourcesJar
> Task :geode-experimental-driver:signArchives SKIPPED
> Task :geode-experimental-driver:assemble

> Task :geode-experimental-driver:compileTestJava
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

> Task :geode-experimental-driver:processTestResources
> Task :geode-experimental-driver:testClasses
> Task :geode-experimental-driver:checkMissedTests
> Task :geode-experimental-driver:spotlessJava
> Task :geode-experimental-driver:spotlessJavaCheck
> Task :geode-experimental-driver:spotlessCheck
> Task :geode-experimental-driver:test
> Task :geode-json:assemble
> Task :geode-json:compileTestJava NO-SOURCE
> Task :geode-json:processTestResources
> Task :geode-json:testClasses
> Task :geode-json:checkMissedTests NO-SOURCE
> Task :geode-json:spotlessJava
> Task :geode-json:spotlessJavaCheck
> Task :geode-json:spotlessCheck
> Task :geode-json:test NO-SOURCE
> Task :geode-old-versions:javadoc NO-SOURCE
> Task :geode-junit:javadoc
> Task :geode-junit:javadocJar
> Task :geode-junit:sourcesJar
> Task :geode-junit:signArchives SKIPPED
> Task :geode-junit:assemble

> Task :geode-junit:compileTestJava
Note: 

 uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: 

 uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

> Task :geode-junit:processTestResources
> Task :geode-junit:testClasses
> Task :geode-junit:checkMissedTests
> Task :geode-junit:spotlessJava
> Task :geode-junit:spotlessJavaCheck
> Task :geode-junit:spotlessCheck
> Task :geode-junit:test
> Task :geode-lucene:assemble

> Task :geode-lucene:compileTestJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

> Task :geode-lucene:processTestResources
> Task :geode-lucene:testClasses
> Task :geode-lucene:checkMissedTests
> Task :geode-lucene:spotlessJava
> Task :geode-lucene:spotlessJavaCheck
> Task :geode-lucene:spotlessCheck
> Task :geode-lucene:test
> Task :geode-old-client-support:assemble
> Task :geode-old-client-support:compileTestJava
> Task :geode-old-client-support:processTestResources NO-SOURCE
> Task :geode-old-client-support:testClasses
> Task :geode-old-client-support:checkMissedTests
> Task :geode-old-client-support:spotlessJava
> Task :geode-old-client-support:spotlessJavaCheck
> Task :geode-old-client-support:spotlessCheck
> Task :geode-old-client-support:test
> Task :geode-old-versions:javadocJar
> Task :geode-old-versions:sourcesJar
> Task :geode-old-versions:signArchives SKIPPED
> Task :geode-old-versions:assemble
> Task :geode-old-versions:compileTestJava NO-SOURCE
> Task :geode-old-versions:processTestResources NO-SOURCE
> Task :geode-old-versions:testClasses UP-TO-DATE
> Task :geode-old-versions:checkMissedTests NO-SOURCE
> Task :geode-old-versions:spotlessJava
> Task :geode-old-versions:spotlessJavaCheck
> Task :geode-old-versions:spotlessCheck
> Task :geode-old-versions:test NO-SOURCE
> Task :geode-protobuf:assemble
Download 
https://repo.maven.apache.org/maven2/org/powermock/powermock-api-mockito/1.7.1/powermock-api-mockito-1.7.1.pom
Download 
https://repo.maven.apache.org/maven2/org/powermock/powermock-api-mockito/1.7.1/powermock-api-mockito-1.7.1.jar

> Task :geode-protobuf:compileTestJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

> Task :geode-protobuf:processTestResources
> Task 

[Spring CI] Spring Data GemFire > Nightly-ApacheGeode > #965 was SUCCESSFUL (with 2423 tests)

[Spring CI]

---
Spring Data GemFire > Nightly-ApacheGeode > #965 was successful.
---
Scheduled
2425 tests in total.

https://build.spring.io/browse/SGF-NAG-965/





--
This message is automatically generated by Atlassian Bamboo