diff --git a/docs/source/corda-firewall-component.rst b/docs/source/corda-firewall-component.rst index d1e66ad7e1..ec2ae77cd1 100644 --- a/docs/source/corda-firewall-component.rst +++ b/docs/source/corda-firewall-component.rst @@ -77,14 +77,14 @@ The complete sequence is therefore: 4. On receipt of a message acknowledge from Artemis the ``StateMachine`` can continue flow if it is not awaiting a response i.e. a ``send`` operation. Otherwise it remains suspended waiting for the reply. -5. The receiving end of the bridge TLS/AMQP 1.0 link might be the Artemis broker of a remote node, +5. The receiving end of the bridge TLS 1.2 /AMQP 1.0 link might be the Artemis broker of a remote node, but for now we assume it is an enterprise deployment that is using a float process running behind a firewall. The receiver will already have confirmed the validity of the TLS originator when it accepted the TLS handshake. However, the float does some further basic checking of received messages and their associated headers. For instance the message must be targeted at an inbox address and must be below the network parameters defined ``maxMessageSize``. 6. Having passed initial checks on the message the float bundles up the message and originator as a payload to be - sent across the DMZ internal firewall. This inbound message path uses a separate AMQP 1.0/TLS control tunnel. + sent across the DMZ internal firewall. This inbound message path uses a separate AMQP 1.0/TLS 1.2 control tunnel. (N.B. This link is initiated from the local master bridge in the trusted zone to the float in the DMZ. This allows a simple firewall rule to be configured which blocks any attempts to probe the internal network from the DMZ.) Once the message is forwarded the float keeps track of the delivery acknowledgements, diff --git a/docs/source/firewall-configuration-file.rst b/docs/source/firewall-configuration-file.rst index dfa2a8ddf6..cbfceeb6a9 100644 --- a/docs/source/firewall-configuration-file.rst 
+++ b/docs/source/firewall-configuration-file.rst @@ -53,7 +53,7 @@ The particular mode is selected via the required ``firewallMode`` configuration :BridgeInner: mode runs this instance of the ``corda-firewall.jar`` as the trusted portion of the peer-to-peer firewall float. Specifically, this process runs the complete outbound message processing. For the inbound path it operates only the filtering and durable storing portions of the message processing. - The process expects to connect through a firewall to a matched ``FloatOuter`` instance running in the DMZ as the actual ``TLS/AMQP 1.0`` termination point. + The process expects to connect through a firewall to a matched ``FloatOuter`` instance running in the DMZ as the actual ``TLS 1.2/AMQP 1.0`` termination point. :FloatOuter: causes this instance of the ``corda-firewall.jar`` to run as a protocol break proxy for inbound message path. The process will initialise a ``TLS`` control port and await connection from the ``BridgeInner``. Once the control connection is successful the ``BridgeInner`` will securely provision 
@@ -91,16 +91,16 @@ absolute path to the firewall's base directory. :alternateArtemisBrokerAddresses: Optionally if there are multiple Artemis broker address e.g. for hot-cold node deployment, then additional hosts and ports may be included in a list. - :customSSLConfiguration: The default behaviour is that the outgoing ``TLS/AMQP 1.0`` connections present certificate details from (``/certificates/sslkeystore.jks``) + :customSSLConfiguration: The default behaviour is that the outgoing ``TLS 1.2/AMQP 1.0`` connections present certificate details from (``/certificates/sslkeystore.jks``) and validate against (``/certificates/truststore.jks``), using the passwords defined in the root config. However, distinct KeyStores may be configured in this section: :keyStorePassword: The password for the TLS KeyStore and private keys within the KeyStore. :trustStorePassword: The password for TLS TrustStore. - :sslKeystore: The path to the KeyStore file to use in outgoing ``TLS/AMQP 1.0`` connections. + :sslKeystore: The path to the KeyStore file to use in outgoing ``TLS 1.2/AMQP 1.0`` connections. - :trustStoreFile: The path to the TrustStore file to use in outgoing ``TLS/AMQP 1.0`` connections. + :trustStoreFile: The path to the TrustStore file to use in outgoing ``TLS 1.2/AMQP 1.0`` connections. :crlCheckSoftFail: If true (recommended setting) allows certificate checks to pass if the CRL(certificate revocation list) provider is unavailable. 
@@ -116,19 +116,19 @@ absolute path to the firewall's base directory. :inboundConfig: This section is used to configure the properties of the listening port. It is required for ``SenderReceiver`` and ``FloatOuter`` modes and must be absent for ``BridgeInner`` mode: - :listeningAddress: The host and port to bind to as ``TLS/AMQP 1.0`` listener. This may be a specific network interface on multi-homed machines. + :listeningAddress: The host and port to bind to as ``TLS 1.2/AMQP 1.0`` listener. This may be a specific network interface on multi-homed machines. It may also differ from the externally exposed public ``p2pAddress`` of the port if the firewalls, or load balancers transparently reroute the traffic. - :customSSLConfiguration: The default behaviour is that the inbound ``TLS/AMQP 1.0`` connections present certificate details from (``/certificates/sslkeystore.jks``) + :customSSLConfiguration: The default behaviour is that the inbound ``TLS 1.2/AMQP 1.0`` connections present certificate details from (``/certificates/sslkeystore.jks``) and validate against (``/certificates/truststore.jks``), using the passwords defined in the root config. However, distinct KeyStores may be configured in this section: :keyStorePassword: The password for the TLS KeyStore and private keys within the KeyStore. :trustStorePassword: The password for TLS TrustStore. - :sslKeystore: The path to the KeyStore file to use in inbound ``TLS/AMQP 1.0`` connections. + :sslKeystore: The path to the KeyStore file to use in inbound ``TLS 1.2/AMQP 1.0`` connections. - :trustStoreFile: The path to the TrustStore file to use in inbound ``TLS/AMQP 1.0`` connections. + :trustStoreFile: The path to the TrustStore file to use in inbound ``TLS 1.2/AMQP 1.0`` connections. :crlCheckSoftFail: If true (recommended setting) allows certificate checks to pass if the CRL(certificate revocation list) provider is unavailable. 
diff --git a/docs/source/messaging.rst b/docs/source/messaging.rst index 4fe8cc39a5..a2cf6f748e 100644 --- a/docs/source/messaging.rst +++ b/docs/source/messaging.rst @@ -1,7 +1,7 @@ Networking and messaging ======================== -Corda uses AMQP/1.0 over TLS between nodes which is currently implemented using Apache Artemis, an embeddable message +Corda uses AMQP/1.0 over TLS/1.2 between nodes which is currently implemented using Apache Artemis, an embeddable message queue broker. Building on established MQ protocols gives us features like persistence to disk, automatic delivery retries with backoff and dead-letter routing, security, large message streaming and so on.
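Review bot: in the corda-firewall-component.rst hunk, step 5 now reads "bridge TLS 1.2 /AMQP 1.0 link" with a stray space before the slash, whereas step 6 in the same hunk and every other changed line in this patch write "TLS 1.2/AMQP 1.0"; suggest `bridge TLS 1.2/AMQP 1.0 link` so the term is spelled the same everywhere and stays searchable.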
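Review bot: in the firewall-configuration-file.rst hunk at ``firewallMode``, the ``BridgeInner`` entry now names ``TLS 1.2/AMQP 1.0`` as the termination point, but the unchanged ``FloatOuter`` entry directly below still says the process "will initialise a ``TLS`` control port" with no version; since the corda-firewall-component.rst hunk in this same patch describes that control tunnel as "AMQP 1.0/TLS 1.2", the ``FloatOuter`` sentence should be updated to match so readers do not infer that the control link is held to a different version than the peer link.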
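Review bot: in the outbound ``customSSLConfiguration`` hunk (@@ -91), writing "TLS 1.2" into the description records a version without saying whether it is enforced by the firewall or is only the default; a sentence stating that the protocol version is fixed by the process and is not settable through this section would remove the ambiguity, given that the options listed here cover only keystore paths, passwords and ``crlCheckSoftFail``. While touching this block, the ``crlCheckSoftFail`` line would also benefit from spelling out the trade-off it already implies: with the recommended ``true``, revocation status is not verified for as long as the CRL provider is unreachable.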
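Review bot: the inbound ``customSSLConfiguration`` hunk (@@ -116) is now a near-verbatim copy of the outbound one, and this patch had to edit the same "TLS/AMQP 1.0" string eight times in firewall-configuration-file.rst alone; consider having the inbound section refer to the outbound ``customSSLConfiguration`` description (or factoring the shared text into one place) so the next protocol-version change is a single edit rather than a search-and-replace that can miss a line.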
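Review bot: messaging.rst now says "AMQP/1.0 over TLS/1.2", a slash notation that differs from the "TLS 1.2" form used in the other two files in this patch; pick one form for all three documents, e.g. `AMQP/1.0 over TLS 1.2` here, so that the version appears identically wherever operators grep for it.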