zeromq/jszmq

Will curve security be implemented?

ziegi opened this issue ยท 12 comments

ziegi commented

I want to user ZeroMQ's Security Layer CurveZMQ,
will the javascript client support this in the near future ?

Thanks, for your work, jszmq has been easy to setp up
and seems to be working reliable in my angular app.

Very cool!

My plan is to actually support TLS at libzmq level and then you would be able to use WSS from the browser to libzmq.

Right now, WSS is supported on jszmq but not on libzmq. You can do ssl termination with ngnix or stunnel and use the websocket protocol on libzmq.

I'm also looking to add bearer and username/password authentication to jszmq and zeromq (zeromq already have the username/password authentication).

ziegi commented

Thanks for your fast reply,
while plain username/password authentication over TLS would be fine in terms of security.

The use of curve as security layer would enable me to switch between a c-client connecting to a tcp port and a javascript-client connecting to a ws port without changing the main server i am connecting to.

As far as I see, in libzmq using plain username/password would be unsecure on the tcp port and only secure on the TLS enabled ws port.

That is making sense, I will into supporting curve as well. At least there is a libsodium version for javascript.

TLS will be great for zeromq!

@lewoudar Watch the following pull request for TLS progress:
zeromq/libzmq#3695

Thank you

Pull request is merged, wss protocol is now supported with libzmq

@somdoron great work! I'm newbie to zeromq (but I already love working with it), so how do we configure the certificate to work with TLS and zeromq?

Ok, even if I'm not a C++ guru, I think I understood how it work ^^
Hope it will work with python bindings without needing changes
Thank you again for this job

@ziegi libzmq ws transport now supports curve. However, jszmq doesn't support it yet.
Checkout https://github.com/zeromq/libzmq/blob/977f137a8370363b28f054d5aa8a8cbcb85f8c81/tests/test_ws_transport.cpp#L109

Checkout https://github.com/zeromq/libzmq/blob/master/tests/test_wss_transport.cpp
โ€ฆ
On Thu, Oct 3, 2019, 08:13 Kevin Tewouda @.***> wrote: @somdoron https://github.com/somdoron great work! I'm newbie to zeromq (but I already love working with it), so how do we configure the certificate to work with TLS and zeromq? โ€” You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#8?email_source=notifications&email_token=AAUW75RRDORQ6NHVENUSVS3QMV5PVA5CNFSM4I2J26A2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAHAMZY#issuecomment-537790055>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAUW75VFDHKA4PJR4PSCZADQMV5PVANCNFSM4I2J26AQ .

Hi..Can you kindly provide some link for making wss work with python pyzmq? Any help would be appreciated..Kindly help me..