Announcement

Collapse
No announcement yet.

Securing Wire Data - TLS/SSL?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • toro
    started a topic Securing Wire Data - TLS/SSL?

    Securing Wire Data - TLS/SSL?

    We have an interest in having the wire data secured and wondered if this is important to anyone else?


    The main overhead of SSL is the handshake because that's where the expensive asymmetric cryptography happens. After negotiation, relatively efficient symmetric ciphers are used so it would seem to be aligned with the VoltDB connection approach.


    The way I understand the connection strategy - as long as VoltDB drivers use a connection pool and only negotiate when connections are created (and not on every reuse), then everything should work fine.


    Thoughts?

  • 016hnoor
    replied
    The main overhead of SSL is the handshake because that's where the expensive asymmetric cryptography happens. After negotiation, relatively efficient symmetric ciphers are used so it would seem to be aligned with the VoltDB connection approach.

    Leave a comment:


  • jhugg
    replied
    Good question

    SSL is something we've thought about at VoltDB as well. I've created a ticket for this ENG-862 where you can check the process.


    This feature isn't currently scheduled for a specific release, but there are a few workarounds in the interim. First, you can use VPN tunnels between your clients and servers. This has a different set of pros and cons than SSL does, but it would be transparent to our system. Secondly, you can use our HTTP/JSON interface and use Apache's SSL proxy service to encrypt that between the client and server. Note that the JSON interface is currently quite a bit slower than the native wire protocol though.


    I know these aren't ideal answers. We'll try to get that ticket scheduled as soon as we can.

    Leave a comment:

Working...
X