Actually, I do not care so much about the internal port, which currently allows regular connections only - should it allow both, it will not be an issue. The important part is to allow only SSL on the external network. The reason is that a) we do not want external customers to connect unencrypted and b) on SSL we can easily disable the username/password access and allow only certificate-based authentication.
So if we get, instead of the three options (ssl-only, regular-only and both), only two options - both and ssl-only - it would be fine for us. It would then work as a kind of "minimal security level". Did this answer your question?

Regards
Jakub

On Wed, Nov 14, 2012 at 3:39 PM, Andrew Stitcher <[email protected]> wrote:

> On Wed, 2012-11-14 at 00:00 +0100, Jakub Scholz wrote:
> > ...
> > For example on some of our brokers we have one
> > network interface which connects the broker to our internal network and
> > where we would like to use regular (non SSL) port only. The second
> > interface connects our external customers which always use only SSL.
>
> Just a quick question about the internal ports that accept non-SSL
> connections: Would there be any reason why you specifically would want
> to accept SSL on these ports as well as TCP?
>
> I'm thinking that perhaps the options should be by default to accept
> both TCP and SSL. And with a specific option to drop the TCP and only
> accept SSL - some sort of encrypted connection only option.
>
> What do you think?
>
> Andrew
