2025-01-14 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to enable two-way TLS secure communication in Hyperledger Fabric networks. The editor finds it very practical and shares it here as a reference.
1. Basic concepts of TLS
TLS (Transport Layer Security) provides confidentiality and data integrity between two communicating nodes by authenticating with X.509 certificates and generating session keys.
When node A needs to send a message to node B, the following conditions must be met to ensure data integrity and security:
Identity confirmation: B should be able to confirm that the message is from A rather than from C or D
Data encryption: A sends messages to B in encrypted form
The service node sends its X.509 certificate (and any intermediate CA certificate) to the client, which uses one of its trusted root certificates to verify the identity of the service node. Most clients use the trusted root certificate set provided by Microsoft or Mozilla. At the end of this process, the client can confirm the true identity of the service node.
TLS has a wide range of applications. For example, when we use a browser to access a URL that begins with https, TLS is in use. TLS confirms the identity of the communicating parties and establishes a two-way encrypted channel.
TLS not only lets the client authenticate the service node, it also lets the service node verify the identity of the client. This is what we call two-way TLS authentication. In a P2P communication environment, two-way TLS authentication is particularly necessary.
2. Enable TLS two-way authentication for Orderer or Peer
So how do we enable two-way TLS in Hyperledger Fabric?
For the ordering node (Orderer) to authenticate clients, you need to set the following environment variables:
For the peer node (Peer) to authenticate clients, you need to set the following environment variables:
3. Node.js code that connects to Orderer or Peer over TLS
Set up the Client instance with the received client certificate and key; it will use this cryptographic material when submitting to the orderer and peer.
For example, the following Node.js code shows how to set the TLS cryptographic material for a client instance, and then how to create orderer and peer instances with two-way TLS authentication enabled. We assume that the paths of the client's PEM-encoded TLS key and certificate are somepath/tls/client.key and somepath/tls/client.crt, respectively:
If there is a validation problem, you will see the following error message:
E0923 16:30:14.963494564 31166 ssl_transport_security.cc:188] ssl_info_callback: error occured.
E0923 16:30:14.963567129 31166 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate.
E0923 16:30:15.964456710 31166 ssl_transport_security.cc:188] ssl_info_callback: error occured.
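To triage the handshake error quoted above, this added example (not code from the original article or from the Fabric project) decodes the OpenSSL error code in such log lines and reports whether the remote node sent a certificate-related TLS alert. It assumes the OpenSSL 1.x packing seen in the quoted string, where the low 12 bits are the reason code and a reason of 1000 + N means TLS alert N was received from the remote side; `triageHandshakeLog`, `CERT_ALERTS` and `SAMPLE_LOG` are names chosen here, and the last two sample lines are constructed.

```javascript
// TLS alert numbers that concern certificate validation (RFC 5246, RFC 8446).
const CERT_ALERTS = { 42: 'bad_certificate', 43: 'unsupported_certificate',
  44: 'certificate_revoked', 45: 'certificate_expired',
  46: 'certificate_unknown', 48: 'unknown_ca', 116: 'certificate_required' };

// OpenSSL error text: error:<8 hex digits>:<library>:<function>:<reason>
const OPENSSL_ERR = /error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+?)\.?$/;

function triageHandshakeLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = OPENSSL_ERR.exec(line.trim());
    if (!m) continue; // e.g. the ssl_info_callback lines carry no error code
    const reason = parseInt(m[1], 16) & 0xfff; // low 12 bits = reason code
    // Reason 1000 + N: fatal TLS alert N was received from the remote side.
    const alert = reason >= 1000 && reason <= 1255 ? reason - 1000 : null;
    const fromPeer = alert !== null;
    const certRelated = fromPeer && alert in CERT_ALERTS;
    findings.push({
      code: m[1], func: m[3], reasonText: m[4], alert, fromPeer, certRelated,
      alertName: fromPeer ? (CERT_ALERTS[alert] || `alert_${alert}`) : null,
      hint: certRelated
        ? 'Remote node rejected the certificate this side presented: check that ' +
          'it chains to a CA the node trusts for clients and is still valid.'
        : fromPeer
          ? 'Remote node aborted the handshake for a non-certificate reason.'
          : 'Failure raised locally, not an alert from the remote node: read the reason text.',
    });
  }
  return findings;
}

// First three lines are the log quoted in the article; the last two are constructed.
const SAMPLE_LOG = [
  'E0923 16:30:14.963494564 31166 ssl_transport_security.cc:188] ssl_info_callback: error occured.',
  'E0923 16:30:14.963567129 31166 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate.',
  'E0923 16:30:15.964456710 31166 ssl_transport_security.cc:188] ssl_info_callback: error occured.',
  'E0923 16:31:02.000000000 31166 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca.',
  'E0923 16:31:09.000000000 31166 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.',
];

for (const f of triageHandshakeLog(SAMPLE_LOG)) {
  console.log(`${f.code} ${f.alertName || f.reasonText}: ${f.hint}`);
}
```

For the article's log line the result is alert 42 (bad_certificate) received from the remote side, which points at the client certificate and the CA set the orderer or peer trusts for clients rather than at the client's own root CA.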