Hi Hiba, In order for SSL to start up there needs to be a handshake (client and server sending information back and forth) in order for them to agree on the SSL version number and the encryption secrets. See [1] for details.
AMQP connections without SSL are "in the clear" meaning that there is no encryption. AMQP clients and servers can exchange usernames and passwords by using SASL. But, again, without SSL the entire session is not encrypted and eavesdroppers can see the usernames, passwords, and all the message data as clear text. I have a blog post [2] describing the details of setting up a local certificate authority, broker certificates, and client certificates. -Chuck https://www.websecurity.symantec.com/security-topics/how-does-ssl-handshake-work https://chugrolke.wordpress.com/2015/08/12/red-hat-jboss-amqp-securing-client-broker-connections-with-tlsssl/ ----- Original Message ----- > From: "Mani" <[email protected]> > To: [email protected] > Sent: Friday, December 22, 2017 11:57:46 AM > Subject: Re: Qpid Proton: making ssl connection > > That is very helpful Chug! > > The broker I am using does not require client certificate, however, I > understand from your explanation that in any case, the broker must present > certificate to the client. > > I was wondering if I can skip that step as well (broker providing > certificate) and have just one level of authentication (i.e. username and > password) to make ssl connection? In essence, is it possible to establish > ssl connection without certificates involved? > > Thanks, > Hiba > > > > -- > Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
