gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
8,378 Commits 30 Branches 48 Tags
ce96de2ed5cfede3d7458de7c5282f3183f8bba2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ivan Kozlovic ce96de2ed5 [ADDED] TLS: Handshake First for client connections 
A new option instructs the server to perform the TLS handshake first,
that is prior to sending the INFO protocol to the client.

Only clients that implement equivalent option would be able to
connect if the server runs with this option enabled.

The configuration would look something like this:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: true
}
```

The same option can be set to "auto" or a Go time duration to fallback
to the old behavior. This is intended for deployments where it is known
that not all clients have been upgraded to a client library providing
the TLS handshake first option.

After the delay has elapsed without receiving the TLS handshake from
the client, the server reverts to sending the INFO protocol so that
older clients can connect. Clients that do connect with the "TLS first"
option will be marked as such in the monitoring's Connz page/result.
It will allow the administrator to keep track of applications still
needing to upgrade.

The configuration would be similar to:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: auto
}
```
With the above value, the fallback delay used by the server is 50ms.

The duration can be explcitly set, say 300 milliseconds:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: "300ms"
}
```

It is understood that any configuration other that "true" will result
in the server sending the INFO protocol after the elapsed amount of
time without the client initiating the TLS handshake. Therefore, for
administrators that do not want any data transmitted in plain text,
the value must be set to "true" only. It will require applications
to be updated to a library that provides the option, which may or
may not be readily available.

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2023-10-10 09:46:01 -06:00
.github
Fixed code coverage GithHub Action
2023-10-09 13:07:54 -06:00
conf
Fix JSON compatibility in conf format
2023-08-22 12:47:51 -07:00
doc
remove ADR files from the server
2021-07-13 10:07:31 +02:00
docker
Use Go 1.21 for nightlies, Dockerfile, code coverage, bump go.mod version to Go 1.20
2023-08-31 09:02:20 +01:00
internal
Redact URLs before logging or returning in error (#2643)
2021-10-27 12:44:59 -04:00
logger
Changes for max log files option (active plus backups); remove redundant lexical sort of backups; adjust test
2023-09-15 22:08:09 -07:00
logos
Updated logo for better aesthetics on dark mode.
2022-10-11 09:56:47 +09:00
scripts
Fixed code coverage GithHub Action
2023-10-09 13:07:54 -06:00
server
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
test
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
util
systemd: use SIGUSR2 for shutdown, for LDM
2023-09-28 13:16:48 -04:00
.coveralls.yml
Should have been included from the coveralls instructions to know more.
2014-07-25 13:16:58 -07:00
.gitignore
Ignore dist and .vscode
2022-08-03 14:01:55 -07:00
.golangci.yml
Lint warnings on fmt.Print, fmt.Printf, fmt.Println
2023-01-24 16:10:13 +00:00
.goreleaser-nightly.yml
Adjust nightly name if on a branch
2023-06-27 17:00:05 -04:00
.goreleaser.yml
Remove gomod proxy, build by installing package instead
2023-03-28 08:16:33 -07:00
.travis.yml
Pin Go versions in Travis CI (#4633)
2023-10-06 12:09:27 -07:00
CODE-OF-CONDUCT.md
Add CNCF Code of Conduct
2018-03-15 11:38:25 -07:00
dependencies.md
Update dependencies.md
2022-08-16 16:48:00 -06:00
go.mod
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
go.sum
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
GOVERNANCE.md
Fix nats-general links
2023-09-26 07:37:57 -04:00
LICENSE
Update license to Apache 2
2018-03-15 22:31:07 -07:00
locksordering.txt
[FIXED] Account resolver lock inversion
2023-09-25 15:09:11 -06:00
main.go
Remove snapshot of cores and maxprocs
2023-03-17 15:09:50 -07:00
MAINTAINERS.md
Fix nats-general links
2023-09-26 07:37:57 -04:00
README.md
Release v2.10.2
2023-10-06 15:23:06 -04:00
TODO.md
[ADDED] Server sends INFO with cluster URLs to clients with support
2016-07-26 10:55:55 -06:00

README.md

NATS Logo

NATS is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation (CNCF). NATS has over 40 client language implementations, and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems.

License Build Release Slack Coverage Docker Downloads CII Best Practices

Documentation

Contact

  • Twitter: Follow us on Twitter!
  • Google Groups: Where you can ask questions
  • Slack: Click here to join. You can ask question to our maintainers and to the rich and active community.

Contributing

If you are interested in contributing to NATS, read about our...

Roadmap

The NATS product roadmap can be found here.

Security

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting Security Vulnerabilities

If you've found a vulnerability or a potential vulnerability in the NATS server, please let us know at nats-security.

License

Unless otherwise noted, the NATS source files are distributed under the Apache Version 2.0 license found in the LICENSE file.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme Apache-2.0 33 MiB
Languages
Go 99.6%
Shell 0.4%