Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support handshake_first #779

Closed
johnweldon opened this issue Aug 6, 2024 · 0 comments · Fixed by #780
Closed

Support handshake_first #779

johnweldon opened this issue Aug 6, 2024 · 0 comments · Fixed by #780
Assignees
@kozlovic
Labels
proposal Enhancement idea or proposal

Comments

@johnweldon
Copy link

Proposed change

The NATS Server supports a handshake_first option which configures TLS connections to begin the TLS negotiation immediately, rather than first issuing an INFO response to negotiate up to TLS.

The C client doesn't appear to support this option yet.

Use case

If the server is configured with handshake_first: true, the server will expect TLS connections to start with the TLS negotiation, but the C client code does not have an option to start TLS connections that way.

Contribution

No response
@johnweldon johnweldon added the proposal Enhancement idea or proposal label Aug 6, 2024
@kozlovic kozlovic self-assigned this Aug 6, 2024
kozlovic added a commit that referenced this issue Aug 6, 2024
@kozlovic
[ADDED] TLS: natsOptions_SetTLSHandshakeFirst()
a6d6583 
This is to force a client to perform the TLS handshake first, that
is, not wait for the INFO protocol from the server. This is needed
if the server is configured to require clients to perform the TLS
handshake first (before sending the INFO protocol).

Resolves #779

Signed-off-by: Ivan Kozlovic <[email protected]>
kozlovic added a commit that referenced this issue Aug 6, 2024
@kozlovic
[ADDED] TLS: natsOptions_SetTLSHandshakeFirst()
2e863b6 
This is to force a client to perform the TLS handshake first, that
is, not wait for the INFO protocol from the server. This is needed
if the server is configured to require clients to perform the TLS
handshake first (before sending the INFO protocol).

Resolves #779

Signed-off-by: Ivan Kozlovic <[email protected]>
kozlovic added a commit that referenced this issue Aug 6, 2024
@kozlovic
[ADDED] TLS: natsOptions_TLSHandshakeFirst()
99e733b 
This is to force a client to perform the TLS handshake first, that
is, not wait for the INFO protocol from the server. This is needed
if the server is configured to require clients to perform the TLS
handshake first (before sending the INFO protocol).

Resolves #779

Signed-off-by: Ivan Kozlovic <[email protected]>
@kozlovic kozlovic mentioned this issue Aug 6, 2024
Merged
levb pushed a commit that referenced this issue Aug 7, 2024
@kozlovic
[ADDED] TLS: natsOptions_TLSHandshakeFirst() (#780)
fbcddd1 
* [ADDED] TLS: natsOptions_TLSHandshakeFirst()

This is to force a client to perform the TLS handshake first, that
is, not wait for the INFO protocol from the server. This is needed
if the server is configured to require clients to perform the TLS
handshake first (before sending the INFO protocol).

Resolves #779

Signed-off-by: Ivan Kozlovic <[email protected]>

* Fixed flapper

If the cluster was not fully established when the rest of the test
was running, the library may get additional client URLs to reconnect
to (gossip protocol). Looks like this was happening more on Windows CI
than Linux.

Using some options to clamp all that.

Signed-off-by: Ivan Kozlovic <[email protected]>

---------

Signed-off-by: Ivan Kozlovic <[email protected]>
@levb levb closed this as completed in #780 Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kozlovic kozlovic

Labels
proposal Enhancement idea or proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ADDED] TLS: natsOptions_TLSHandshakeFirst() nats-io/nats.c
2 participants
@johnweldon @kozlovic