[rabbitmq-discuss] Securing Messages Over WAN Link
Richard Raseley
richard at raseley.com
Thu Jan 17 21:25:03 GMT 2013
Emile,
Thank you for your response.
Simon,
You are correct - I was primarily interested in securing the "channel" from
the producer / consumer to the exchange / queue. Any guidance with that in
mind?
Regards,
Richard
On Wed, Jan 16, 2013 at 2:29 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 16/01/13 10:24, Emile Joubert wrote:
>
>> On 15/01/13 23:29, Richard Raseley wrote:
>>
>>> Could anyone provide any guidance on what they use for securing traffic
>>> over the WAN? Is the built in SSL / TLS support in RabbitMQ (as outlined
>>> here http://www.rabbitmq.com/ssl.**html<http://www.rabbitmq.com/ssl.html>)
>>> sufficient for such purposes?
>>> Should I be concerned about the additional overhead in processing
>>> requirements for an estimated 10 million+ messages per day?
>>>
>>
>> I assume you want to secure the link between federated exchanges or a
>> shovel connection, because clustering over a WAN link is not
>> recommended. SSL will provide confidentiality and if you use certificate
>> verification then it can provide authentication. SSL also provides
>> integrity by hashing data.
>>
>
> I assume the OP was talking about securing standard client -> server
> connections.
>
>
> If you care about performance then select an appropriate cipher (e.g.
>> avoid 3DES). If you have crypto hardware support then make sure that is
>> enabled.
>>
>
> 10m messages per day is only 115 msg/s. Presumably there will be spikes,
> but at that sort of rate, SSL performance is unlikely to be an issue.
>
> Cheers, Simon
>
> --
> Simon MacMullen
> RabbitMQ, VMware
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130117/56109bfc/attachment.htm>
More information about the rabbitmq-discuss
mailing list