Re: [ClusterLabs] Antw: [EXT] Re: corosync 2.4.4 version provide secure the communication by default

Mon, 23 Jan 2023 06:55:00 -0800 

On 23/01/2023 12:51, Ulrich Windl wrote:

Jan Friesse <jfrie...@redhat.com> schrieb am 23.01.2023 um 10:20 in Nachricht

<d0e27873-4249-0bab-fc24-b97130555...@redhat.com>:

Hi,

On 23/01/2023 01:37, S Sathish S via Users wrote:

Hi Team,

corosync 2.4.4 version provide mechanism to secure the communication path

between nodes of a cluster by default? bcoz in our configuration secauth is
turned off but still communication occur is encrypted.


Note : Capture tcpdump for port 5405 and I can see that the data is already

garbled and not in the clear.

It's binary protocol so don't expect some really readable format (like
xml/json/...). But with your config it should be unencrypted. You can
check message "notice  [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.


Probably a good example for "a false feeling of security" (you think the 
comminication is encrypted, while in fact it is not).
Yeah, "none" and "none" is definitively "false feeling of security" and definitively suggest communication is encrypted. Sigh... 






Regards,
    Honza




[root@node1 ~]# cat /etc/corosync/corosync.conf
totem {
      version: 2
      cluster_name: OCC
     secauth: off
      transport: udpu
}

nodelist {
      node {
          ring0_addr: node1
          nodeid: 1
      }

      node {
          ring0_addr: node2
          nodeid: 2
      }

      node {
          ring0_addr: node3
          nodeid: 3
      }
}

quorum {
      provider: corosync_votequorum
}

logging {
      to_logfile: yes
      logfile: /var/log/cluster/corosync.log
      to_syslog: no
      timestamp: on
}

Thanks and Regards,
S Sathish S


_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/





_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Reply via email to