[#MXS-2963] Option to allow SSL and non-SSL traffic on same listener port

[MXS-2963] Option to allow SSL and non-SSL traffic on same listener port Created: 2020-04-13 Updated: 2022-09-08 Resolved: 2022-09-08
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	N/A
Affects Version/s:	None
Fix Version/s:	N/A

Type:

New Feature

Priority:

Major

Reporter:

Oy5p aegh

Assignee:

Todd Stoffel (Inactive)

Resolution:

Won't Do

Votes:

Labels:

None

Description

Imagine you want to roll-out MaxScale in an old infrastructure, where it is not feasible to reconfigure client applications for this or that port.
Now you're in a pickle... either risk breaking a lot of client applications or sacrificing transport security.

Comments

Comment by markus makela [ 2020-04-14 ]

If I recall correctly, the lack of both SSL and non-SSL support on a single port was a conscious decision done to avoid accidental use of non-SSL connections when SSL was wanted. In my mind this is still a better choice as it more secure and, as you said, one can easily have two listeners to the same service: one with TLS enabled and the other without it.

Generated at Thu Feb 08 04:17:57 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-2963] Option to allow SSL and non-SSL traffic on same listener port Created: 2020-04-13 Updated: 2022-09-08 Resolved: 2022-09-08