About one year back when i first took up the task of enabling TLS 1.2 in some of the components in our technology stack. it felt like a very tough job because of two major reasons listed below.
- I belong to the fraternity of Front End Developers who are majorly known for their lack of in depth knowledge of devops and backend.
- There was a lack of proper documentation and i had to do a lot of googling around,because most of the famous tech platform cover very little about these less known topics or otherwise blame it to poor SEO measures taken by those bloggers who cover topics like this.
we can't blame them because SEO is something that has more to do with front end development than backend or devops.
I will be noting down a lists of basic tasks to perform in order to enable TLS in Rserve. also i will be adding more posts to give you insight of some sub-topics i.e. (how to generate private/public key, or how to test if tls1.2 is enabled etc.).
P.S : Please note that these steps are for Rserve on Linux.
P.P.S : this is my very first blog post.
Here we go.....
Step 1: Generate a private key and self-signed certificate (i will be covering this in another post soon).
Step 2: install libssl-dev first in your linux machine and then install Rserve, So Rserve is compiled with TLS support.
Step 3: Edit/Add /etc/Rserv.conf file, and following parameters.
remote enable plaintext disable encoding utf8 qap.tls.port <port for SSL/TLS channel> // 6311 by default tls.key <private key KEY file> tls.cert <server certificate CERT file> gid 1001 uid 1001 qap disable maxinbuf 4194304
Step 4: Start Rserve. With this action, a server is created to listen to the TLS port.
Step 5: Run following openssl command to test
openssl s_client -connect localhost:6311 -tls1_2
This should help you successfully enable TLS 1.2 in your rserve application. feel free to write to me or comment below in case you are facing any issues.