aznamier/keycloak-event-listener-rabbitmq

SSLContext configuration with TLS connections


Hello,

Thanks for sharing your listener.

At present the plugin allows connecting with TLS, but without the possibility of enabling server certificate validation or presenting a client certificate to the server.

When setting the only TLS-related option available, KK_TO_RMQ_USE_TLS=true, the logs indeed show:
WARN [com.rabbitmq.client.TrustEverythingTrustManager] (default task-1) SECURITY ALERT: this trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but offers no protection against man-in-the-middle attacks. Please see https://www.rabbitmq.com/ssl.html to learn more about peer certificate verification.
This is expected since the code calls the method useSslProtocol() without setting an SSLContext.

While this is convenient for local development, it is not recommended in a production environment.

It would then be good to be able to provide the plugin with the parameters to optionally configure an SSLContext:

  • server cert (to configure a trust store)
  • client cert (to configure a key store)
  • TLS protocol.

and to pass the SSLContext when connecting with TLS via the useSslProtocol(SSLContext context) function.
See the example at "Using TLS in the Java Client".

Would you consider implementing these changes?
Thanks
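As an added illustration of the change requested in this issue (this is example code, not code from the keycloak-event-listener-rabbitmq project), the following Java class builds an SSLContext from a trust store, an optional key store and a TLS protocol name, and passes it to ConnectionFactory.useSslProtocol(SSLContext) instead of the argument-less useSslProtocol() that installs TrustEverythingTrustManager. Every environment variable name other than KK_TO_RMQ_USE_TLS is a hypothetical one chosen for this example; the ConnectionFactory and enableHostnameVerification() calls assume the RabbitMQ Java client (amqp-client 5.x), and the rest is the JDK's javax.net.ssl and java.security API.

```java
import com.rabbitmq.client.ConnectionFactory;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

/**
 * Builds an SSLContext from a trust store (the broker's certificate or its issuing CA)
 * and an optional key store (a client certificate for mutual TLS), then hands it to the
 * RabbitMQ ConnectionFactory so that peer verification is actually performed.
 */
public final class RabbitMqTlsConfig {

    // Hypothetical environment variable names; only KK_TO_RMQ_USE_TLS exists in the plugin today.
    static final String ENV_TRUSTSTORE_PATH = "KK_TO_RMQ_TRUSTSTORE_PATH";
    static final String ENV_TRUSTSTORE_PASSWORD = "KK_TO_RMQ_TRUSTSTORE_PASSWORD";
    static final String ENV_KEYSTORE_PATH = "KK_TO_RMQ_KEYSTORE_PATH";
    static final String ENV_KEYSTORE_PASSWORD = "KK_TO_RMQ_KEYSTORE_PASSWORD";
    static final String ENV_TLS_PROTOCOL = "KK_TO_RMQ_TLS_PROTOCOL";

    private RabbitMqTlsConfig() {}

    /** Builds the SSLContext; keyStorePath may be null when no client certificate is used. */
    public static SSLContext buildSslContext(String trustStorePath, char[] trustStorePassword,
                                             String keyStorePath, char[] keyStorePassword,
                                             String protocol) throws Exception {
        // Trust store: decides which server certificates (or issuing CAs) are accepted.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(trustStorePath, trustStorePassword));

        // Key store: optional client certificate presented to the broker (mutual TLS).
        KeyManagerFactory kmf = null;
        if (keyStorePath != null && !keyStorePath.isEmpty()) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(loadKeyStore(keyStorePath, keyStorePassword), keyStorePassword);
        }

        // TLS protocol: default to TLSv1.2 when the operator does not set one.
        String proto = (protocol == null || protocol.isEmpty()) ? "TLSv1.2" : protocol;
        SSLContext ctx = SSLContext.getInstance(proto);
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Loads a PKCS12 store from disk; a null password skips the integrity check only. */
    private static KeyStore loadKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Applies TLS settings to the factory the listener uses to open its connection. */
    public static void configure(ConnectionFactory factory) throws Exception {
        String trustStorePath = System.getenv(ENV_TRUSTSTORE_PATH);
        if (trustStorePath == null || trustStorePath.isEmpty()) {
            // No trust store provided: keep today's behaviour (every certificate trusted);
            // the client logs the SECURITY ALERT quoted in the issue in this case.
            factory.useSslProtocol();
            return;
        }
        SSLContext ctx = buildSslContext(
                trustStorePath, passwordOf(ENV_TRUSTSTORE_PASSWORD),
                System.getenv(ENV_KEYSTORE_PATH), passwordOf(ENV_KEYSTORE_PASSWORD),
                System.getenv(ENV_TLS_PROTOCOL));
        factory.useSslProtocol(ctx);
        // A valid chain alone does not prove the connection reached the intended broker;
        // hostname verification also checks that the certificate matches the host.
        factory.enableHostnameVerification();
    }

    private static char[] passwordOf(String envName) {
        String value = System.getenv(envName);
        return value == null ? null : value.toCharArray();
    }
}
```

Calling configure(factory) where the plugin currently calls factory.useSslProtocol() keeps the existing behaviour for deployments that set only KK_TO_RMQ_USE_TLS=true, while a deployment that also points the (hypothetical) trust store variable at a PKCS12 file gets real peer verification; the TrustEverythingTrustManager warning in the log then remains a reliable signal that verification is still off.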