SSL support #50
Comments
|
Hi Paul, Thanks for bringing up the issue. I don't have any future plans to support Compose.io. A few months ago, I tried reaching out to Compose.io about a test account for the C# driver for testing SSL purposes but my request was denied. 😐 _So..._ ultimately, if I can't test it, I can't support it. 💔 In an effort to maintain a high-quality driver, I'm not comfortable adding anything to the C# driver that can't be independently tested from our CI build server and my dev box. I hope that sounds reasonable. If you'd like us to support Compose.io you'd need advocate on our behalf at Compose.io on some kind of test account that we can use for testing purposes. You might have better luck than I did. 🎱 Brian |
|
I understand clearly your point about Compose IO. I will advocate on your behalf. But I think RethinkDb over SSL is not Compose.IO specific. Also according to https://rethinkdb.com/docs/security/, rethinkdb is getting SSL/TLS natively. So you will have to implement it eventually. |
|
Yeah, you're absolutely correct. Eventually at some point we will but IIRC, currently, the RethinkDB Windows build doesn't support SSL/TLS yet. 🔒 🔑 |
|
BTW. For your record here is their response. Which i think we all agree on. Just a matter of time. Thanks We're slightly puzzled since this is not an issue that is specific to Compose. This is simple RethinkDB over SSL that anyone can set up on their own with Rethink behind a proxy terminating SSL. Compose really has no special sauce on this stack. Furthermore, RethinkDB 2.3 supports SSL, and we'll be rolling out 2.3 in the near future. One way or another the C# drivers should probably consider adding SSL support, and it's not a matter of, as the author states "supporting Compose." It's rather "Supporting TLS connections" which is a fairly industry standard proposition. |
|
So, just to clarify and "unpuzzle" it for them:
Hopefully, that makes sense to them. Therefore, until we have a testable way on Windows server to support SSL/TLS (and consequently Compose.io) both will remain unsupported in this C# driver. |
|
@bchavez Any movement on this issue yet? I would like to use this driver to connect to a compose.io rethinkdb, but I'm not having any luck... Apparently the Java driver supports SSL, when can we expect this driver to have parity? Until then are there any workarounds? You know if it's just a matter of testing, compose.io offers a 30 day free trial??? |
|
Hi @VagyokC4 There won't be any movement until we have a testable way to do SSL/TLS _on Windows_ with RethinkDB server. There are two ways to achieve SSL/TLS testing given our current limitations with RethinkDB server _on Windows_:
Without either one, SSL/TLS (and consequently Compose.io) will continue to remain unsupported. You'll have to ask the people at compose.io to help you out with any workarounds.
ICYMI, it's also a violation of Compose.io's Terms of Service to "avoid fees". So, every time I make a change to the networking code like #77 (or when people run into problems with SSL/TLS), I'd have to create a new account every 30-days just to test SSL/TLS in violation of their Terms of Service right? Nah, I don't think so. If Compose.io ever decides to change their mind to allow C#/.NET customers to connect to their service without waiting for rethinkdb/rethinkdb#5592, then they can get in contact with me. You can try advocating on our behalf again but I'd expect the same response from the people Compose. |
|
@bchavez the team I'm on are running up against this same issue/requirement, to connect with a Compose.io hosted RethinkDb instance via TLS/SSL, so please +1 us to the list of folks who could really use this feature. Just a thought here, to address the concerns about testing this within a Windows environment, since as you stated, you'd need to run the Linux binaries, have you thought about leveraging a Docker container running RethinkDb (on Windows)? Cheers! |
|
Hi @matt-softlogic, Unfortunately, there won't be any movement on this until we have a _public way_ to test SSL/TLS on our CI server with either of the two options I've mentioned above. IIRC, AppVeyor, our public CI server, runs inside a Windows Server 2012 R2 VM, so there is no easy way to setup a docker container with a RethinkDB Linux binary. I also don't plan on maintaining a hellish build script to create another concentric VM to test SSL/TLS. Please remember, I maintain this driver on my free time. Maintainability of this driver is my highest concern. Again, if Compose.io decides to change their mind then they can get in contact with me. I'll be happy to work with them. Otherwise, we will continue to wait for rethinkdb/rethinkdb#5592. Also, waiting for 5529 may turn out to be a much longer wait now with the recent announcement that the company behind RethinkDB is shutting down. |
|
Hi @unclepaul84 , @VagyokC4 , @matt-softlogic , @JohnLouderback The RethinkDB C# driver now supports SSL/TLS and supports connecting to Compose.IO. However, using SSL/TLS features of the RethinkDB C# driver (or connecting to Compose.IO) requires a commercial license subscription. You can find more info about this in the documentation for SSL/TLS and Compose.IO here. More info on the decision to switch to dual-licensing can be found in PR #110. Official driver builds supporting SSL/TLS and Compose.IO start at I'll be making a non-beta release soon after some more improvements by next week. Thanks, 💥 🔥 "Set it ablaze like a candle wick... Light it up, light it up..." |
Compose.io only supports SSL based connections. From what i see in the your source code, it would be pretty easy to conditionally slip in SSLStream vs NetworkStream in SocketWrapper class.
Is this in your near future plans?
Thanks
The text was updated successfully, but these errors were encountered: