[ClusterLabs] corosync 2.4.4 version provide secure the communication by default
S Sathish S
s.s.sathish at ericsson.com
Mon Jan 23 04:38:01 EST 2023
Hi Jan/Team,
Yes, in syslog we noticed "crypto: none" during startup of the corosync service.
In Corosync communication, which protocols/ports transfer sensitive data that needs to be secured?
Or will it have only a binary protocol, like port 5405, for all corosync communication?
Thanks and Regards,
S Sathish S
-----Original Message-----
From: Jan Friesse <jfriesse at redhat.com>
Sent: 23 January 2023 14:50
To: Cluster Labs - All topics related to open-source clustering welcomed <users at clusterlabs.org>
Cc: S Sathish S <s.s.sathish at ericsson.com>
Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
> Hi Team,
>
> Does corosync 2.4.4 provide a mechanism to secure the communication path between nodes of a cluster by default? Because in our configuration secauth is turned off, but the communication that occurs is still encrypted.
>
> Note: I captured a tcpdump for port 5405 and I can see that the data is already garbled and not in the clear.
It's a binary protocol, so don't expect a really readable format (like xml/json/...). But with your config it should be unencrypted. You can check for the message "notice [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
>
> [root at node1 ~]# cat /etc/corosync/corosync.conf
> totem {
>     version: 2
>     cluster_name: OCC
>     secauth: off
>     transport: udpu
> }
>
> nodelist {
>     node {
>         ring0_addr: node1
>         nodeid: 1
>     }
>
>     node {
>         ring0_addr: node2
>         nodeid: 2
>     }
>
>     node {
>         ring0_addr: node3
>         nodeid: 3
>     }
> }
>
> quorum {
>     provider: corosync_votequorum
> }
>
> logging {
>     to_logfile: yes
>     logfile: /var/log/cluster/corosync.log
>     to_syslog: no
>     timestamp: on
> }
>
> Thanks and Regards,
> S Sathish S
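
A check that reads the two signals discussed in this thread, the totem section of corosync.conf and the TOTEM startup message, and reports whether cluster traffic is actually encrypted and authenticated rather than merely binary. This is an added example, not part of the original messages or of corosync itself; the function names, the finding strings and the sample log prefix are assumptions made here.

```python
import re

# Constructed samples: the totem section mirrors the config in the thread; the
# log line uses the message quoted in the reply (timestamp prefix is made up).
SAMPLE_CONF = "totem {\nversion: 2\ncluster_name: OCC\nsecauth: off\ntransport: udpu\n}\n"
SAMPLE_LOG = ("Jan 23 04:00:01 notice [TOTEM ] Initializing transmit/receive "
              "security (NSS) crypto: none hash: none\n")

SECURITY_RE = re.compile(r"security \(NSS\) crypto: (\S+) hash: (\S+)")

def totem_options(conf_text):
    """Return the key/value pairs set directly inside the totem { } section."""
    opts, stack = {}, []
    for raw in conf_text.splitlines():
        # Lines starting with '#' are comments; blank them so no branch matches.
        line = "" if raw.lstrip().startswith("#") else raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif stack == ["totem"] and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def effective_security(log_text):
    """Return (crypto, hash) from the most recent startup message, or None."""
    matches = SECURITY_RE.findall(log_text)
    return matches[-1] if matches else None

def audit(conf_text, log_text):
    """List findings; an empty list means no unprotected totem traffic seen."""
    findings = []
    opts = totem_options(conf_text)
    if opts.get("secauth", "").lower() == "off" and not (
            {"crypto_cipher", "crypto_hash"} & opts.keys()):
        findings.append("config: secauth off, no crypto_cipher/crypto_hash set")
    sec = effective_security(log_text)
    if sec is None:
        findings.append("log: no TOTEM security startup message found")
    else:
        if sec[0] == "none":
            findings.append("log: totem traffic is not encrypted (crypto: none)")
        if sec[1] == "none":
            findings.append("log: totem traffic is not authenticated (hash: none)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_LOG)))
```

The log message reflects what the running daemon actually initialised, so it is the more reliable of the two signals when the config file and the running state may differ.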