Chapter 7. Security
7.1. Securing connections with SSL/TLS
Red Hat build of Rhea uses SSL/TLS to encrypt communication between clients and servers.
To connect to a remote server with SSL/TLS, set the transport connection option to tls.
Example: Enabling SSL/TLS
    // The rhea module exports a default container.
    var container = require("rhea");

    var opts = {
        host: "example.com",
        port: 5671,
        transport: "tls"
    };
    container.connect(opts);
By default, the client rejects connections to servers with untrusted certificates. Test environments sometimes use such certificates. To bypass certificate authorization, set the rejectUnauthorized connection option to false. Be aware that this compromises the security of your connection, because the client no longer verifies the identity of the server it is talking to.
7.2. Connecting with a user and password
Red Hat build of Rhea can authenticate connections with a user and password.
To specify the credentials used for authentication, set the username and password connection options.
Example: Connecting with a user and password
    // The rhea module exports a default container.
    var container = require("rhea");

    var opts = {
        host: "example.com",
        username: "alice",
        password: "secret"
    };
    container.connect(opts);
7.3. Configuring SASL authentication
Red Hat build of Rhea uses the SASL protocol to perform authentication. SASL can use a number of different authentication mechanisms. When two network peers connect, they exchange their allowed mechanisms, and the strongest mechanism allowed by both is selected.
Red Hat build of Rhea enables SASL mechanisms based on the presence of user and password information. If the user and password are both specified, PLAIN is used. If only a user is specified, ANONYMOUS is used. If neither is specified, SASL is disabled.
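Example (added here, not part of the Rhea documentation or code base): a pre-connect check that applies the mechanism rules above to a set of connection options and reports combinations that weaken the connection, such as PLAIN without TLS or a disabled certificate check. The function names, finding ids and sample option sets are hypothetical; the sample inputs are constructed from the options shown in sections 7.1 and 7.2.

```javascript
// Added example, not Rhea code: audit connection options before container.connect().
// Function names and finding ids are hypothetical.

// Mechanism selection as described in section 7.3.
function saslMechanism(opts) {
  const hasUser = typeof opts.username === "string" && opts.username !== "";
  const hasPass = typeof opts.password === "string" && opts.password !== "";
  if (hasUser && hasPass) return "PLAIN";
  if (hasUser) return "ANONYMOUS";
  if (!hasPass) return "NONE";   // neither set: SASL is disabled
  return "UNSPECIFIED";          // password without user: not described on this page
}

function auditOptions(opts) {
  const findings = [];
  const mechanism = saslMechanism(opts);
  // The page documents "tls"; rhea also accepts "ssl" for the same transport.
  const encrypted = opts.transport === "tls" || opts.transport === "ssl";
  const verified = encrypted && opts.rejectUnauthorized !== false;

  if (!encrypted) findings.push("no-tls: traffic is not encrypted");
  if (encrypted && !verified)
    findings.push("cert-not-verified: rejectUnauthorized is false");
  if (mechanism === "PLAIN" && !encrypted)
    findings.push("plain-cleartext: PLAIN sends the password unencrypted");
  if (mechanism === "PLAIN" && encrypted && !verified)
    findings.push("plain-unverified-peer: password goes to a server whose identity was not checked");
  if (mechanism === "UNSPECIFIED")
    findings.push("password-without-username: mechanism selection is not described for this case");
  return { mechanism, findings, ok: findings.length === 0 };
}

// Constructed inputs based on the option sets shown in sections 7.1 and 7.2.
const tlsCreds = { host: "example.com", port: 5671, transport: "tls",
                   username: "alice", password: "secret" };
const samples = {
  "7.1 TLS only": { host: "example.com", port: 5671, transport: "tls" },
  "7.2 as written": { host: "example.com", username: "alice", password: "secret" },
  "7.2 over TLS": tlsCreds,
  "test bypass": Object.assign({}, tlsCreds, { rejectUnauthorized: false }),
};
for (const [name, opts] of Object.entries(samples)) {
  const r = auditOptions(opts);
  console.log(name, "->", r.mechanism, r.ok ? "ok" : r.findings);
}
```

The option set from section 7.2 sets no transport, so the check reports it as PLAIN without TLS; adding transport: "tls" as in section 7.1 clears both findings.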