morpheus
Reputation: 20330
Hyperledger Fabric: Should we use the TLS provided by Fabric or Docker?
Hyperledger Fabric provides TLS for secure communication between containers [1]. However this is also something that is provided out of the box by Docker using the --opt encrypted flag. So which is the better option to choose and what is the best practice here?
Upvotes: 0
Views: 42
Answers (1)
yacovm
Reputation: 5140
If you run Fabric in production, always use TLS. Fabric's public TLS settings (TLS CA certificates) are actually encoded inside the blockchain, and the nodes (peers, orderers) use them to build the CA certificate pools per channel.
If you use any third party solution, there is no way of ensuring your authentication is per channel and not globally, and this exposes you to attacks.
Upvotes: 1
Related Questions
- Does Hyperledger Fabric need Docker?
- What is the use of TLS concept in the first network of fabric samples of hyperledger?
- Hyperledger setup in Docker Swarm Mode w/ TLS
- Difference between hyperledger fabric native setup and hyperledger fabric docker version setup?
- Hyperledger Fabric SDK - https & TLS Cert / Key
- Difference between Fabric CA server and CA Client
- Hyperledger fabric and docker
- How to set tls in fabric-ca
- Hyperledger Fabric: Do we need to pass TLS cert/key files while joining channel?
- Enabling TLS on production network with Fabric CA