@bascule I believe now there are better options finally: http://www.tarsnap.com/spiped.html
-
-
-
@antirez doesn't cover all of our use cases (e.g. key rotation) -
@bascule if there are good, self contained SSL libs, it is to reconsider. Or could be an opt-in feature off by default using just OpenSSL. -
@antirez OpenSSL support gated on a compile-time flag would be awesome! There are forks with it already:https://github.com/bbroerman30/ssl-redis …
End of conversation
New conversation -
-
-
@bascule@portertech what issues? -
@loganattwood
@portertech managing multiple services, startup order, key rotation, creating 1:1 certs and truststores -
@loganattwood
@portertech we don't use puppet. We have an S2S CA. Using stunnel means stunnel'd services can't use our S2S CA
End of conversation
New conversation -
-
-
@bascule what are the downsides of a SSH tunnel? -
@tectonic for unattended, automated services? Authentication and key rotation come to mind... -
@bascule but interested in your perspective if that's a bad idea -
@tectonic we use firewall zones and mutual TLS for that purpose
End of conversation
New conversation -
-
-
@bascule I looked at every data processing/log collection solution out there, and none that I found were anywhere near secure -
@mik235 haha yeah, unfortunately many seem to fall into the "insecure... for speed" category :( -
@bascule although for the server side, stunnel isn't necessarily worse than a bungled attempt to use libssl...
End of conversation
New conversation -
-
-
@bascule I've seen decent results with spiped. I prefer it far more than stunnel. -
@jtdowney I've been eyeing spiped, but from what I can tell it doesn't support key rotation... -
@bascule just run a new one side by side and configure your client to connect to the new port
End of conversation
New conversation -
-
-
@bascule "Fondly" looking back at running 4-8 stunnnels on each app server, haproxy in front... - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.