If you configure TLS on Nomad server agents they still accept non-TLS RPC connections from Nomad client agents.
This means as of 0.5.6 TLS can only be required for communication between servers. Clients will still properly use TLS when configured to do so, but clients with no TLS configuration will still be able to communicate with servers and participate in the cluster.
Since the HTTP API does not require a client certificate even with TLS enabled, this bug does not significantly change the security guarantees of Nomad's TLS implementation.
Nomad agents should be network isolated from untrusted access regardless of TLS configuration.
Desired behavior
The desired behavior is that RPC TLS is all-or-nothing: if it's configured on servers then they should require TLS for all RPC communications.
Optionally we may allow requiring mTLS for the HTTP API to allow network isolation.
Fixes #2525
We used to be checking a RequireTLS field that was never set. Instead we
can just check the TLSConfig.EnableRPC field and require TLS if it's
enabled.
Added a few unfortunately slow integration tests to assert the intended
behavior of misconfigured RPC TLS.
Also disable a lot of noisy test logging when -v isn't specified.
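The gating logic the fix describes, written out as an added example (this is not Nomad's code; the struct, the byte-sniffing check and the sample inputs are constructed here to show why checking the never-set field let plaintext through and why checking EnableRPC closes it):

```go
package main

import (
	"errors"
	"fmt"
)

// TLSConfig models the two fields named in the fix. EnableRPC is the field
// operators actually set; RequireTLS stands in for the field that was checked
// but never populated. Both names are hypothetical stand-ins for the real config.
type TLSConfig struct {
	EnableRPC  bool
	RequireTLS bool // nothing ever sets this: the root cause
}

var errPlaintextRPC = errors.New("rejecting plaintext RPC: TLS is enabled for RPC")

// looksLikeTLS reports whether the first bytes a peer sends start a TLS record:
// content type 0x16 (handshake) followed by a 0x03 0x0X protocol version.
func looksLikeTLS(head []byte) bool {
	return len(head) >= 3 && head[0] == 0x16 && head[1] == 0x03 && head[2] <= 0x04
}

// buggyGate reproduces the pre-fix logic: plaintext is only refused when
// RequireTLS is set, so with TLS configured it still lets plaintext through.
func buggyGate(cfg TLSConfig, head []byte) error {
	if cfg.RequireTLS && !looksLikeTLS(head) {
		return errPlaintextRPC
	}
	return nil
}

// fixedGate is the all-or-nothing rule from the issue: once RPC TLS is
// enabled on the server, every inbound RPC connection must be TLS.
func fixedGate(cfg TLSConfig, head []byte) error {
	if cfg.EnableRPC && !looksLikeTLS(head) {
		return errPlaintextRPC
	}
	return nil
}

// Constructed sample inputs: the start of a TLS ClientHello record, and the
// start of an unencrypted RPC request.
var (
	tlsHead   = []byte{0x16, 0x03, 0x01, 0x00, 0xc8, 0x01}
	plainHead = []byte("{\"rpc\":\"Ping\"}")
)

func main() {
	cfg := TLSConfig{EnableRPC: true}
	fmt.Println("buggy, plaintext:", buggyGate(cfg, plainHead)) // <nil>: accepted
	fmt.Println("fixed, plaintext:", fixedGate(cfg, plainHead)) // rejected
	fmt.Println("fixed, TLS:", fixedGate(cfg, tlsHead))         // <nil>
}
```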
I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Originally reported to the mailing list here: https://groups.google.com/d/msg/nomad-tool/jhkLr8XQRgE/cgxOm0x3AAAJ