[rabbitmq-discuss] Securing Messages Over WAN Link

Simon MacMullen simon at rabbitmq.com
Wed Jan 16 10:29:11 GMT 2013


On 16/01/13 10:24, Emile Joubert wrote:
> On 15/01/13 23:29, Richard Raseley wrote:
>> Could anyone provide any guidance on what they use for securing traffic
>> over the WAN? Is the built in SSL / TLS support in RabbitMQ (as outlined
>> here http://www.rabbitmq.com/ssl.html) sufficient for such purposes?
>> Should I be concerned about the additional overhead in processing
>> requirements for an estimated 10 million+ messages per day?
>
> I assume you want to secure the link between federated exchanges or a
> shovel connection, because clustering over a WAN link is not
> recommended. SSL will provide confidentiality and if you use certificate
> verification then it can provide authentication. SSL also provides
> integrity by hashing data.

I assume the OP was talking about securing standard client -> server 
connections.

> If you care about performance then select an appropriate cipher (e.g.
> avoid 3DES). If you have crypto hardware support then make sure that is
> enabled.

10m messages per day is only 115 msg/s. Presumably there will be spikes, 
but at that sort of rate, SSL performance is unlikely to be an issue.

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware


More information about the rabbitmq-discuss mailing list