saltstack/salt

Allow TLS connections in the Tornado TCP transport

Closed this issue · 6 comments

The TCP transport just uses TCP connections. We should be able to allow the master to listen over a TLS socket; we would still keep all of the background components for auth and crypt, and just allow minions to connect via a TLS connection.

@thatch45 I've implemented TLS support in the TCP transport for master-minion communication. The ssl module also provides a number of SSL/TLS options: CA certificate validation, specifying the protocol version and choosing the allowed ciphers. Do we need support for these options in the Salt configuration?

Good question. I will do some research and get back to you.

Thank you!

Updated the implementation. Still have to add the docs.

Added documentation.

Added config examples. Finished.
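
The three `ssl` module options named in the thread (CA certificate validation, protocol version, allowed ciphers), mapped onto Python `SSLContext` objects for a listening side and a connecting side. This is an added example, not code from the issue or from Salt; the dict keys (`min_version`, `ciphers`, `ca_certs`, `certfile`, `keyfile`) and function names are hypothetical and are not Salt's configuration options.

```python
import ssl


def _apply_common(ctx, opts):
    # Protocol version: refuse anything older than the configured floor.
    ctx.minimum_version = ssl.TLSVersion[opts.get("min_version", "TLSv1_2")]
    # Allowed ciphers: an OpenSSL cipher string. It governs TLS 1.2 and
    # below; TLS 1.3 suites are handled separately by OpenSSL.
    if opts.get("ciphers"):
        ctx.set_ciphers(opts["ciphers"])
    # CA used to validate the peer's certificate.
    if opts.get("ca_certs"):
        ctx.load_verify_locations(cafile=opts["ca_certs"])
    # Own certificate and key (always needed on the listening side).
    if opts.get("certfile"):
        ctx.load_cert_chain(opts["certfile"], opts.get("keyfile"))
    return ctx


def build_server_context(opts):
    """Listening (master) side. Client certs are demanded only if a CA is set."""
    ctx = _apply_common(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER), opts)
    if opts.get("ca_certs"):
        ctx.verify_mode = ssl.CERT_REQUIRED  # mutual TLS
    return ctx


def build_client_context(opts):
    """Connecting (minion) side. PROTOCOL_TLS_CLIENT verifies the server
    certificate and hostname by default; this code never relaxes that."""
    return _apply_common(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), opts)


def tls12_cipher_names(ctx):
    """Names of the TLS 1.2 suites the context will actually offer."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


if __name__ == "__main__":
    # Constructed sample options; no certificate files are referenced.
    sample = {"min_version": "TLSv1_2", "ciphers": "ECDHE+AESGCM"}
    server = build_server_context(sample)
    print(server.minimum_version, tls12_cipher_names(server))
```

Tornado's `TCPServer` accepts an `SSLContext` through its `ssl_options` argument, so a context built this way can be passed straight to the listener.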