Details
New Feature
Status: Closed
Major
Resolution: Fixed
MXS-SPRINT-217
Description
require_secure_transport is a static configuration option which, when enabled, forces all listeners, servers and the REST-API to be configured for SSL. Other MaxScale related connections are affected when reasonable, e.g. Kafka. Disabling ssl at runtime is also rejected.
Original description:
TL;DR: Prevent users from accidentally creating non-TLS listeners and servers and from disabling TLS at runtime
MaxScale already requires all clients that connect to a listener configured with TLS to use encryption. However, this does not prevent unencrypted listeners and server objects from being created. This is made trickier by the fact that configuring all the required TLS certificates does not imply that TLS is enabled; the ssl=true parameter must be set for it to work.
A global option similar to require_secure_transport would allow MaxScale to forbid creation of insecure listeners or servers that do not use TLS. Enabling it at runtime requires a check that all listeners and servers have TLS configured correctly, otherwise we would end up in a situation where the runtime configuration would not be functional if MaxScale was restarted. Similarly, all server and listener modifications would have to check that the resulting configuration still ends up with TLS enabled on all objects.
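The pre-enable check described above can be sketched as a small offline audit of a configuration file. This is an added example, not MaxScale's own code: the function names, the sample objects, the `ssl_*` certificate parameter names and the accepted boolean spellings are assumptions made for illustration.

```python
import configparser

# Constructed sample in MaxScale's INI-style format; names and paths are made up.
SAMPLE_CNF = """
[maxscale]
require_secure_transport=true

[server1]
type=server
ssl=true
ssl_ca=/etc/maxscale/ca.pem

[server2]
type=server
ssl_cert=/etc/maxscale/client-cert.pem
ssl_key=/etc/maxscale/client-key.pem
ssl_ca=/etc/maxscale/ca.pem

[RW-Listener]
type=listener
port=4006
ssl=false
"""

# Assumption: boolean spellings treated as "enabled" by this audit.
TRUE_VALUES = {"true", "yes", "on", "1"}

def find_insecure_objects(cnf_text):
    """Return (name, type, reason) for every server/listener without ssl enabled."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cnf_text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        obj_type = sec.get("type", "").strip().lower()
        if obj_type not in ("server", "listener"):
            continue
        if sec.get("ssl", "false").strip().lower() in TRUE_VALUES:
            continue
        # Certificates alone do not turn TLS on; flag that case separately.
        has_certs = any(key.startswith("ssl_") for key in sec)
        reason = "certificates set but ssl is not true" if has_certs else "ssl not enabled"
        findings.append((name, obj_type, reason))
    return findings

def can_enable_require_secure_transport(cnf_text):
    """True only if every server and listener already has ssl enabled."""
    return not find_insecure_objects(cnf_text)
```

Running `find_insecure_objects(SAMPLE_CNF)` reports `server2`, which has certificates but no `ssl=true`, and `RW-Listener`, which disables TLS explicitly.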