Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support encrypted binary protocol (Tarantool Enterprise) #217

Closed
Totktonada opened this issue Apr 4, 2022 · 1 comment · Fixed by #220
Closed

Support encrypted binary protocol (Tarantool Enterprise) #217

Totktonada opened this issue Apr 4, 2022 · 1 comment · Fixed by #220
Assignees
@oleg-jukovec

Comments

@Totktonada
Copy link
Member

Totktonada commented Apr 4, 2022
edited
Loading

The connector should be able to connect to Tarantool Enterprise using the encrypted protocol.

Related: tarantool/go-tarantool#155.
@Totktonada Totktonada mentioned this issue Apr 4, 2022
Closed
@oleg-jukovec
Copy link
Contributor

oleg-jukovec commented Jun 3, 2022
edited
Loading

Really well that a ssl module from the python standart library uses OpenSSL. But we need to keep in mind that Python can be built without it (and handle it properly).

oleg-jukovec added a commit that referenced this issue Jun 7, 2022
@oleg-jukovec
Support of SSL protocol
d8d05bb 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 7, 2022
@oleg-jukovec
Support of SSL protocol
f846c06 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Closes #217
@oleg-jukovec oleg-jukovec mentioned this issue Jun 7, 2022
Merged
oleg-jukovec added a commit that referenced this issue Jun 7, 2022
@oleg-jukovec
Support of SSL protocol
b6bba40 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
api: support of SSL protocol
b0c411e 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
api: support of SSL protocol
3e1b50b 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
api: support of SSL protocol
d008c19 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
3dedaea 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
api: support of SSL protocol
ff7e388 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
bc310e5 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
api: support of SSL protocol
5c4d66a 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
4e35a88 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 8, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
177b62f 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
api: support of SSL protocol
655c712 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
090f2d2 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
api: support of SSL protocol
3d438e0 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
488693a 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
api: support of SSL protocol
0d8fbb0 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
ae172fc 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
api: support of SSL protocol
0c99ea2 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
b414c22 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
api: support of SSL protocol
58dbfdc 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 16, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
d8acf41 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
api: support of SSL protocol
2faba41 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
aa0c6e2 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
4b498ad 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
api: support of SSL protocol
40c6d70 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
d4c0ea4 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
831100c 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
oleg-jukovec added a commit that referenced this issue Jun 17, 2022
@oleg-jukovec
github-ci: add workflow for SSL testing
66c732e 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
@Totktonada Totktonada mentioned this issue Jun 18, 2022
Open
DifferentialOrange pushed a commit that referenced this issue Jun 20, 2022
@oleg-jukovec @DifferentialOrange
api: support of SSL protocol
ffa3890 
The patch adds support for using SSL to encrypt the client-server
communications [1].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Part of #217
DifferentialOrange pushed a commit that referenced this issue Jun 20, 2022
@oleg-jukovec @DifferentialOrange
github-ci: add workflow for SSL testing
69fae76 
The workflow uses Tarantool Enterprise Edition. It does not run for
outside pull requests by default. Such pull requests may be labeled
with `full-ci`. To avoid security problems, the label must be reset
manually for every run.

Closes #217
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
2edbf69 
Overview

    This release features SSL support. To use SSL, pass SSL parameters
    on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file,
            ssl_ca_file=client_ca_file,
            ssl_ciphers=client_ciphers)

     ConnectionPool and MeshConnection also support these parameters.

     See Tarantool Enterprise Edition manual for details [1].

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
@DifferentialOrange DifferentialOrange mentioned this issue Jun 20, 2022
Merged
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
2c8753f 
Overview

    This release features SSL support. To use SSL, pass SSL parameters
    on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file,
            ssl_ca_file=client_ca_file,
            ssl_ciphers=client_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

    See Tarantool Enterprise Edition manual for details [1].

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
f11a963 
Overview

    This release features SSL support. To use SSL, pass SSL parameters
    on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file,
            ssl_ca_file=client_ca_file,
            ssl_ciphers=client_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

    See Tarantool Enterprise Edition manual for details [1].

    1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
f89e7c9 
Overview

    This release features SSL support.

    To use encrypted connection with Tarantool Enterprise Edition
    instance, pass "ssl" `transport` parameter on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl")

    If server uses trusted certificate authorities (CA) file, you must
    set private SSL key file with `ssl_key_file` parameter and SSL
    certificate file with `ssl_cert_file` parameter. If server not
    uses CA file, these parameters are optional.

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file)

    To verify the server, set client trusted certificate
    authorities (CA) file with `ssl_ca_file` parameter:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ca_file=client_ca_file)

    To set SSL ciphers, set them with `ssl_ciphers` parameter as
    a colon-separated (:) string:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ciphers=client_ssl_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

        mesh = tarantool.MeshConnection(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

        pool = tarantool.ConnectionPool(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

    See Tarantool Enterprise Edition manual for details [1].

    1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
api: extend tarantool.connect with ssl params
0970382 
Follows up #217
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
2105c4a 
Overview

    This release features SSL support.

    To use encrypted connection with Tarantool Enterprise Edition
    instance, pass "ssl" `transport` parameter on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl")

    If server uses trusted certificate authorities (CA) file, you must
    set private SSL key file with `ssl_key_file` parameter and SSL
    certificate file with `ssl_cert_file` parameter. If server not
    uses CA file, these parameters are optional.

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file)

    To verify the server, set client trusted certificate
    authorities (CA) file with `ssl_ca_file` parameter:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ca_file=client_ca_file)

    To set SSL ciphers, set them with `ssl_ciphers` parameter as
    a colon-separated (:) string:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ciphers=client_ssl_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

        mesh = tarantool.MeshConnection(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

        pool = tarantool.ConnectionPool(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

    See Tarantool Enterprise Edition manual for details [1].

    1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
1971a3d 
Overview

    This release features SSL support.

    To use encrypted connection with Tarantool Enterprise Edition
    instance, pass "ssl" `transport` parameter on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl")

    To verify the server, set client trusted certificate
    authorities (CA) file with `ssl_ca_file` parameter:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ca_file=client_ca_file)

    If the server authenticates clients using certificates issued by
    given CA, you must provide private SSL key file with `ssl_key_file`
    parameter and SSL certificate file with `ssl_cert_file` parameter.
    Otherwise, these parameters are optional.

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file)

    To set SSL ciphers, set them with `ssl_ciphers` parameter as
    a colon-separated (:) string:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ciphers=client_ssl_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

        mesh = tarantool.MeshConnection(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

        pool = tarantool.ConnectionPool(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

    See Tarantool Enterprise Edition manual for details [1].

    1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
api: extend tarantool.connect with ssl params
fe1b460 
Follows up #217
DifferentialOrange added a commit that referenced this issue Jun 20, 2022
@DifferentialOrange
Release 0.9.0
60a2f38 
Overview

    This release features SSL support.

    To use encrypted connection with Tarantool Enterprise Edition
    instance, pass "ssl" `transport` parameter on connect:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=pass,
            transport="ssl")

    To verify the server, set client trusted certificate
    authorities (CA) file with `ssl_ca_file` parameter:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ca_file=client_ca_file)

    If the server authenticates clients using certificates issued by
    given CA, you must provide private SSL key file with `ssl_key_file`
    parameter and SSL certificate file with `ssl_cert_file` parameter.
    Otherwise, these parameters are optional.

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_key_file=client_key_file,
            ssl_cert_file=client_cert_file)

    To set SSL ciphers, set them with `ssl_ciphers` parameter as
    a colon-separated (:) string:

        con = tarantool.Connection(
            host, port,
            user=user,
            password=password,
            transport="ssl",
            ssl_ciphers=client_ssl_ciphers)

    ConnectionPool and MeshConnection also support these parameters.

        mesh = tarantool.MeshConnection(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

        pool = tarantool.ConnectionPool(
            addrs={
                "host": host,
                "post": port,
                "transport": "ssl",
                "ssl_key_file": client_key_file,
                "ssl_cert_file": client_cert_file,
                "ssl_ca_file": client_ca_file,
                "ssl_ciphers": client_ssl_ciphers,
            },
            user=user,
            password=password)

    See Tarantool Enterprise Edition manual for details [1].

    1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption

Breaking changes

    There are no breaking changes in the release.

New features

    * SSL support (PR #220, #217).

Testing

    * Tarantool Enterprise testing workflow on GitHub actions (PR #220).
@NeraverinTarantool NeraverinTarantool mentioned this issue Jul 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@oleg-jukovec oleg-jukovec

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SSL support tarantool/tarantool-python
3 participants
@Totktonada @DifferentialOrange @oleg-jukovec