
feat(replication): allow non-tls connections between replica and master #1419

Open kostasrim opened this issue 1 year ago • 3 comments

Addresses #1419 and forms the basis for #1418.

  1. Allows a non-TLS replica to connect to a TLS-enabled master via a non-TLS connection. (This should be used when both master and replica are on the same network.)
  2. Added TLS and non-TLS pytests.
  3. Updated the regression workflow to:
     a. generate a TLS key and certificate for the server;
     b. run the TLS pytest explicitly as a separate job.

Depends on helio pr: https://github.com/romange/helio/pull/90

kostasrim avatar Jun 28 '23 16:06 kostasrim

General comment about this: Whether we want TLS is a question of what network interface we listen on and its security. If the network doesn't need TLS then we don't need TLS at all, if the network needs TLS then we should always have TLS. From a security perspective I really don't like that it is specific to replication.

royjacobson avatar Jul 02 '23 14:07 royjacobson

@royjacobson

> General comment about this: Whether we want TLS is a question of what network interface we listen on and its security. If the network doesn't need TLS then we don't need TLS at all, if the network needs TLS then we should always have TLS. From a security perspective I really don't like that it is specific to replication.

Why do you think it's a security issue if it's specific to replication? If we are on a private network, then why would the replica need to communicate over TLS with the master? (I think this was the original idea.)

I am not an expert in security, so please add your concerns here and we can chat a little bit at tomorrow's standup.

kostasrim avatar Jul 02 '23 17:07 kostasrim

> @royjacobson
>
> > General comment about this: Whether we want TLS is a question of what network interface we listen on and its security. If the network doesn't need TLS then we don't need TLS at all, if the network needs TLS then we should always have TLS. From a security perspective I really don't like that it is specific to replication.
>
> Why do you think it's a security issue if it's specific to replication? If we are on a private network, then why would the replica need to communicate over TLS with the master? (I think this was the original idea.)
>
> I am not an expert in security, so please add your concerns here and we can chat a little bit at tomorrow's standup.

My problem is that this is an unclean security abstraction: if the network is private, then all connections should be without TLS. Making this relaxation specific to replication creates a difference in the network security level that is based on application logic and not on the network logic.

royjacobson avatar Jul 02 '23 21:07 royjacobson