Hi Enrico,

Thanks for the clarification. I have gone through the TestTLS code. I am running a local bookie, and I have set all the TLS properties in bk_server.conf that I saw in the TestTLS code you pointed me to. I am connecting to it using a Java client application, but for some reason TLS is not working for me. Could you please look at the config file and the Java code and point out what I might be doing wrong?

Thanks,
Prabhaker

From: Enrico Olivelli <[email protected]>
Sent: Tuesday, December 17, 2019 2:53 PM
To: user
Cc: Sharda, Ravi
Subject: Re: TLS verification is not working with apache bookkeeper 4.7.3

[EXTERNAL EMAIL]

Hi Prabhaker,

Bookie exposes only one client port, and in order to use TLS we are using the StartTLS approach, so the client needs to upgrade to TLS mode once the connection is established.

You have two ways to achieve your goal:
1) Enable client TLS authentication with tlsClientAuthentication=true, but this way you have to provide TLS certificates to clients and provide a trust store to the bookies
2) You can add an Auth plugin that performs the check you want. This is a relevant test case in the BookKeeper repository that is a good example:
https://github.com/apache/bookkeeper/blob/master/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java#L498

In my opinion it would be easy to add some out-of-the-box support to forbid access to unsecured clients or provide such an Auth Plugin in the standard bookkeeper bundle.

Best regards
Enrico

On Tue, Dec 17, 2019 at 10:08, <[email protected]> wrote:

Hi Team,

I am working for a group which is using apache bookkeeper 4.7.3, and I am trying to enable TLS in apache bookkeeper. I have added TLS properties in the bk_server.conf file and I have created a sample Java application which communicates with the bookkeeper server. The problem that I am facing is that the bookkeeper is TLS enabled and the client is not TLS enabled, yet the client can still communicate with the server, which shouldn't be happening. Can you let me know why this might be happening? I have attached the bk_server.conf file as well as the Java client code to this mail.

Thanks,
Prabhaker Saxena

Attachments:
bk_server.conf
Test.java
