NetGain icon indicating copy to clipboard operation
NetGain copied to clipboard

Published 20 hours ago verified publisher icon StackExchange

SSL/TLS support

Open theduffmtl opened this issue 9 years ago • 5 comments

Hi thanks for sharing this library. Is there any plan to support SSL/TLS so we can do wss in a near future ?

theduffmtl avatar Feb 02 '16 13:02 theduffmtl

Any update on having support for SSL?

integral-llc avatar Mar 16 '16 07:03 integral-llc

We discussed this in a parallel issue, but basically it isn't on my list of things to do. Reasons:

  1. Since the library builds on the socket API (not the stream API), it is going to need a huge amount of work
  2. The socket-based code will already require a huge amount of work to port to "core", if that is a plan
  3. We currently terminate SSL at the NLB (haproxy), which works really well and requires no code changes
  4. Putting 1 and 3 together doesn't make this appealing - lots of work for little reason; I'm open to pull requests, but: this will not be trivial to do

On Wed, 16 Mar 2016 07:33 integral-llc, [email protected] wrote:

Any update on having support for SSL?

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/StackExchange/NetGain/issues/2#issuecomment-197196848

mgravell avatar Mar 16 '16 15:03 mgravell

Any update on this?.. Seems a bit unsecured without SSL no?

yhydra avatar Oct 08 '18 11:10 yhydra

As stated above, SSL/TLS is done at the load balancer here (as we do at Stack Overflow). No status change.

Since we’re attempting to move off NetGain and onto the Microsoft WebSocket implementation (so we improve things for all, not just this lib), there will likely be little effort spent here going forward. That new server implantation goes into testing this week or next. We’re just seeing how it scales before deciding anything.

NickCraver avatar Oct 08 '18 12:10 NickCraver

Perhaps, but it is usually possible to use TLS terminators (or NLBs) as intermediaries. Yes, it would be nice if it supported TLS too, but simply: it hasn't been something I've needed (due to our network config).

I'm currently playing with "kestrel" options for future directions, which would obviate the TLS requirement since kestrel has that built in. We have it all coded up ready to test with Stack Overflow in prod - I just need to flip a switch when I'm back at work (taking a week off).

On Mon, 8 Oct 2018, 12:35 yhydra, [email protected] wrote:

Any update on this?.. Seems a bit useless without SSL no?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/StackExchange/NetGain/issues/2#issuecomment-427801319, or mute the thread https://github.com/notifications/unsubscribe-auth/AABDsIXrJBSMKWq-BRL-ButHlnw-MA1Oks5uiziHgaJpZM4HRd6w .

mgravell avatar Oct 08 '18 19:10 mgravell