Open WyriHaximus opened 1 year ago
Thanks to a suggestion from @clue I managed to drop the dependency on https://github.com/reactphp/async/pull/65
I added some remarks and suggestions for the documentation, same suggestions are also important for the doc-blocks inside the added classes.
@SimonFrings Let me know if you have any more pointers? Will apply them to the docblocks later today
@SimonFrings Updated the doc blocks
Thanks for updating, texts and the overall code structure are looking fine 👍
:+1:
I am not very experienced when it comes to opportunistic TLS, so I can't really review if this is exactly the way to introduce this to the project, but the rest looks good to me.
The only reason I found out STARTTLS is a flavor of opportunistic TLS is because I started working on https://github.com/voryx/PgAsync/pull/52, did a write-up of the why at https://blog.wyrihaximus.net/2023/01/migrating-from-self-hosted-in-k8s-databases-to-managed-hosted-at-digital-ocean/. That is also why I started with STARTTLS and ended up with opportunistic TLS just providing the barebones to do it and not implement some standard on top of it.
As discussed, I've extracted this into a package: https://github.com/WyriHaximus/reactphp-opportunistic-tls
This PR introduces the functionality required to build opportunistic TLS clients and servers with ReactPHP. It does so by introducing a prefix to `tls://`, namely `opportunistic`, to create `opportunistic+tls://example.com:5432` for example as the full URL. This will create an `OpportunisticTlsConnectionInterface` (instead of a `ConnectionInterface`) that extends the `ConnectionInterface` and exposes the `enableEncryption` method to enable TLS encryption at the desired moment. Inside this PR is an example of a server and client negotiating when to enable TLS and enable it when ready.

Opportunistic Security described in RFC7435: https://www.rfc-editor.org/rfc/rfc7435

External PR using the proposed changes in this PR: https://github.com/voryx/PgAsync/pull/52
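As an added example (not code from this PR or from the extracted package), a client that negotiates a STARTTLS-style upgrade over the proposed `opportunistic+tls://` scheme and fails closed when the peer refuses the upgrade or the handshake fails. It assumes `enableEncryption()` returns a promise that resolves with the encrypted connection; the `STARTTLS`/`OK` exchange is a constructed toy protocol, not one defined by the PR.

```php
<?php
// Added example, not from the PR. Assumptions: the connector resolves with an
// OpportunisticTlsConnectionInterface, and enableEncryption() returns a promise
// that resolves with the encrypted connection and rejects on handshake failure.
// The "STARTTLS"/"OK" exchange is a constructed toy protocol.
require __DIR__ . '/vendor/autoload.php';

use React\Socket\Connector;
use React\Socket\ConnectionInterface;

$connector = new Connector([
    // Peer verification stays on: the upgrade only buys something if the peer
    // is authenticated once TLS is active.
    'tls' => ['verify_peer' => true, 'verify_peer_name' => true],
]);

$connector->connect('opportunistic+tls://example.com:5432')->then(
    function (ConnectionInterface $connection) {
        // Everything written before enableEncryption() crosses the wire in
        // plaintext, so only the upgrade request itself belongs here.
        $connection->write("STARTTLS\n");

        $connection->once('data', function (string $chunk) use ($connection) {
            if (trim($chunk) !== 'OK') {
                // Fail closed: a peer that refuses the upgrade gets no further
                // data rather than a silent fallback to plaintext.
                $connection->close();
                echo "peer refused TLS upgrade, closing\n";
                return;
            }

            // Assumption: enableEncryption() returns a promise (see lead-in).
            $connection->enableEncryption()->then(
                function ($encrypted) {
                    echo "TLS active, continuing over the encrypted stream\n";
                    $encrypted->write("HELLO\n");
                },
                function (\Throwable $e) use ($connection) {
                    echo 'TLS handshake failed: ' . $e->getMessage() . "\n";
                    $connection->close();
                }
            );
        });
    },
    function (\Throwable $e) {
        echo 'connect failed: ' . $e->getMessage() . "\n";
    }
);
```

A real protocol would parse a framed response rather than comparing one `data` chunk to `OK`, but the shape (plaintext upgrade request, then `enableEncryption()`, then application data) is the point.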