Mutual TLS #78

Open
DMickens opened this issue Aug 9, 2022 · 4 comments

DMickens commented Aug 9, 2022

We want to support mutual TLS alongside server-side TLS. This should be a matter of ensuring the client can respond to a request from the server for its certificate.

There is commented-out code to support this. We need to be configured to test thoroughly before release.

@DMickens DMickens added the enhancement New feature or request label Aug 9, 2022
@DMickens DMickens self-assigned this Aug 9, 2022
@moizarafat

Hi @DMickens, is there a tentative timeline on when this will be available? Thanks

DMickens commented Feb 15, 2023

@moizarafat

Right now we don't have a strict timeline. There are lots of enhancements that can be done and we are prioritizing based on feedback and demand from the field. There is a growing demand for TLS enhancements, though, so it might be given priority in the next few months.

If you have a particular reason for mTLS you can provide that here and it may help us to decide when to take this on.

@moizarafat

Hey @DMickens, my company's security policy requires us to use mTLS and we have enabled this on our clusters and use it with other tech stacks too. So this feature will be really helpful for us.

Thanks

DMickens commented Feb 20, 2023

An alternative system of TLS socket management giving the user more control is being investigated and implemented. This will allow the user to construct and provide the entire tls config object that the driver uses when wrapping the tls socket after tls negotiation with the server. The original motivation is to help minimize issues for users migrating from the unsupported node-vertica to vertica-nodejs. However, this should also provide a backdoor way to enable mutual TLS, the only caveat being that the user is responsible for ensuring the proper tls config parameters are provided.

This is not intended to be the only solution for mTLS; however, this may be a temporary option for those needing mTLS sooner rather than later.
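The caveat in the last comment, that the user must supply the proper TLS config parameters, can be checked before the object reaches the driver. The following is an added example, not part of this thread and not vertica-nodejs code: it assumes the config object uses the option names of Node's `tls.connect()`, and `auditMutualTlsOptions` is a hypothetical helper name. How the driver accepts the object is not shown on this page.

```javascript
'use strict';
// Added example (not vertica-nodejs code): audit a Node.js TLS options object,
// using the option names of tls.connect(), before handing it to a driver.
const PEM_CERT = /-----BEGIN CERTIFICATE-----/;
const PEM_KEY = /-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/;
const WEAK_VERSIONS = new Set(['TLSv1', 'TLSv1.1']);

// Accepts string | Buffer | {pem, passphrase} | array of those.
function normalise(value, defaultPassphrase) {
  if (value === undefined || value === null) return [];
  return (Array.isArray(value) ? value : [value]).map((v) => {
    const wrapped = v !== null && typeof v === 'object' && !Buffer.isBuffer(v);
    return {
      pem: String(wrapped ? v.pem : v),
      passphrase: (wrapped && v.passphrase) || defaultPassphrase,
    };
  });
}

function auditMutualTlsOptions(opts) {
  const errors = [];
  const warnings = [];
  const certs = normalise(opts.cert);
  const keys = normalise(opts.key, opts.passphrase);

  if (!opts.pfx) {
    // Client identity: needed to answer the server's certificate request.
    if (certs.length === 0) errors.push('missing client certificate');
    else if (!certs.every((c) => PEM_CERT.test(c.pem))) errors.push('cert is not PEM');
    if (keys.length === 0) errors.push('missing client private key');
    else if (!keys.every((k) => PEM_KEY.test(k.pem))) errors.push('key is not PEM');
    else if (keys.some((k) => /ENCRYPTED/.test(k.pem) && !k.passphrase)) {
      errors.push('encrypted key without passphrase');
    }
  }
  // Server authentication must stay on; a client certificate does not replace it.
  if (opts.rejectUnauthorized === false) errors.push('rejectUnauthorized is false');
  if (WEAK_VERSIONS.has(opts.minVersion)) errors.push('minVersion allows ' + opts.minVersion);
  if (normalise(opts.ca).length === 0) warnings.push('no ca: system trust store is used');
  if (typeof opts.checkServerIdentity === 'function') {
    warnings.push('custom checkServerIdentity: review that it rejects name mismatches');
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample: server verification disabled and no client key supplied.
const SAMPLE_CERT = '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----';
console.log(auditMutualTlsOptions({ cert: SAMPLE_CERT, rejectUnauthorized: false }));
```

The check is structural only: it does not parse the PEM bodies or confirm that the key matches the certificate.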
