On Tue, 2015-03-03 at 15:28 +0000, Gordon Sim wrote: > On 03/03/2015 01:50 AM, Andrew Stitcher wrote: > > On Mon, 2015-03-02 at 18:41 +0000, Gordon Sim wrote: > >> In fact the c++ broker doesn't use an AMQP 1.0 style layer for SSL at > >> all - i.e. it does not recognise the special AMQP 1.0 TLS header sent in > >> the clear prior to TLS handshaking as described in 5.2 of the AMQP spec. > >> The qpid::messaging c++ client doesn't send one either. Both use the > >> 'alternative establishment' as described by 5.2.1 (though for a > >> different reason than the one suggested there). So yet another point of > >> possible interoperability issues. > > > > FYI: Currently Proton-C does not support the "AMQP 1.0" style SSL header > > either to send or receive (they are recognised for error message > > purposes currently) > > Thanks for the clarification! I was planning to investigate that, since > I knew that ssl 'works' between proton-c and qpidd. > > > - this is a piece of work I have scheduled post the > > SASL integration. > > We probably want to retain some way of using the 'alternative > establishment' as well, in order to not lose interop.
Here my focus is on the server end autodetection, so better interop is achieved by coping with both SSL alternatives. I think that initially, the correct default for the client should be to use the AMQP 1.0 type header for the default port (5672) and the "alternative establishment" for other ports (5761 or other). Andrew --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
