[erlang-questions] TLS distribution: why proxy?

Ingela Andin ingela.andin@REDACTED
Thu Oct 29 15:26:56 CET 2015


Hi!

The reason it is done the way it is, is because that is the easiest way to
do it with the existing kernel API. . We also had
to make some special hooks to the kernel supervisor so that Erlang ssl can
be run before Erlang applications can be started.

Regards Ingela Erlang/OTP Team - Ericsson AB

2015-10-28 17:31 GMT+01:00 Magnus Henoch <magnus@REDACTED>:

> Hi all,
>
> I'm looking into the code for running the Erlang distribution protocol
> over TLS, as described in
> http://www.erlang.org/doc/apps/ssl/ssl_distribution.html . I've noticed
> that the code uses a proxy: for each node, there is one TLS-encrypted
> connection to the remote node, and one non-encrypted connection over
> localhost, all managed by a proxy process that just receives data on the
> non-encrypted connection and sends it to the TLS connection and vice versa.
>
> To me it would seem more rational to use a TLS connection directly, so
> surely there must be a good reason for things being done this way, but I
> haven't found any, neither in comments nor in the version history. Does
> anyone know why the TLS distribution is set up in this way?
>
> Regards,
> Magnus
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20151029/83ce0161/attachment.htm>


More information about the erlang-questions mailing list