Rocket U2 | UniVerse & UniData

I have been scanning the docs for 11.3 and so far have determined that it is possible to configure the UniRPC services (via the secuconf command ) to support secure TLS connections.

What I have not seen is any detail about how to ensure that ONLY secure connections are accepted.

Does anyone know if this is currently possible?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------

Hello Gregor

The simple answer is yes.

But first run this command to make sure your DB release supports security:

unirpcd -h

You should see something like this:

[nxkesic@preaur4vapp001 cm]$ unirpcd -?
Unirpc Service Listener Daemon
Usage: unirpcd [-p<portno> | -n<name>] [-s] [-l<logpath>] [-d<n>] [-timeout<n>] [-h]
Options:
-p: port number of the unirpcd listener
-n: service name in the /etc/services file
-s: secure-only connection
-l: full path of log file name
-d: 0-9 debug level
-timeout: connection timeout value in seconds
-h: display help messages
Notes:
Option values must follow option names without any white-space in between.
-p and -n are mutually exclusive. If both are present, the last one takes effect.
If no -l is specified, messages display to stderr. If redirected, -l is ignored.

If you do not see a display like above, you need to upgrade

cheers.

------------------------------
Nik Kesic
DevOps
LKQ
NASHVILLE TN United States
------------------------------

Original Message:
Sent: 10-07-2021 00:15
From: Gregor Scott
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

I have been scanning the docs for 11.3 and so far have determined that it is possible to configure the UniRPC services (via the secuconf command ) to support secure TLS connections.

What I have not seen is any detail about how to ensure that ONLY secure connections are accepted.

Does anyone know if this is currently possible?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------

Thanks for the info @Nik Kesic.

This is what I get when running unirpcd -?

root@eraPower-RHEL7-dev# unirpcctl status
UniVerse is running
UniRPC daemon is running:
UID PID PPID C STIME TTY TIME CMD
root 6627 1 0 Aug08 ? 00:00:06 /usr/unishared/unirpc/unirpcd
root@eraPower-RHEL7-dev# unirpcd -?
^C
root@eraPower-RHEL7-dev# bin/unirpcd -?
^C
root@eraPower-RHEL7-dev# uv -version
UniVerse 11.3.3
root@eraPower-RHEL7-dev#

No output - I had to abort the command, so I don't believe it is available in 11.3.x.
Could the secure-only mode be a UV 12.x feature?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------

Original Message:
Sent: 10-08-2021 12:28
From: Nik Kesic
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

Hello Gregor

The simple answer is yes.

But first run this command to make sure your DB release supports security:

unirpcd -h

You should see something like this:

[nxkesic@preaur4vapp001 cm]$ unirpcd -?
Unirpc Service Listener Daemon
Usage: unirpcd [-p<portno> | -n<name>] [-s] [-l<logpath>] [-d<n>] [-timeout<n>] [-h]
Options:
-p: port number of the unirpcd listener
-n: service name in the /etc/services file
-s: secure-only connection
-l: full path of log file name
-d: 0-9 debug level
-timeout: connection timeout value in seconds
-h: display help messages
Notes:
Option values must follow option names without any white-space in between.
-p and -n are mutually exclusive. If both are present, the last one takes effect.
If no -l is specified, messages display to stderr. If redirected, -l is ignored.

If you do not see a display like above, you need to upgrade

cheers.

------------------------------
Nik Kesic
DevOps
LKQ
NASHVILLE TN United States

Original Message:
Sent: 10-07-2021 00:15
From: Gregor Scott
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

I have been scanning the docs for 11.3 and so far have determined that it is possible to configure the UniRPC services (via the secuconf command ) to support secure TLS connections.

What I have not seen is any detail about how to ensure that ONLY secure connections are accepted.

Does anyone know if this is currently possible?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------

Gregor,

This feature was added to UniData at 8.2.2:

• UDT-11789 Previously, client-server connections using the unirpc interface could be clear text or secure using SSL. Starting with this release, new options have been added to unirpcd to enable secure SSL-only connections if required.

Please open a Support ticket with this request and we will see what we can do.

------------------------------
John Jenkins
Principal Technical Support Engineer
Rocket Software Limited
U.K.
------------------------------

Original Message:
Sent: 10-10-2021 19:00
From: Gregor Scott
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

Thanks for the info @Nik Kesic.

This is what I get when running unirpcd -?

root@eraPower-RHEL7-dev# unirpcctl status
UniVerse is running
UniRPC daemon is running:
UID PID PPID C STIME TTY TIME CMD
root 6627 1 0 Aug08 ? 00:00:06 /usr/unishared/unirpc/unirpcd
root@eraPower-RHEL7-dev# unirpcd -?
^C
root@eraPower-RHEL7-dev# bin/unirpcd -?
^C
root@eraPower-RHEL7-dev# uv -version
UniVerse 11.3.3
root@eraPower-RHEL7-dev#

No output - I had to abort the command, so I don't believe it is available in 11.3.x.
Could the secure-only mode be a UV 12.x feature?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia

Original Message:
Sent: 10-08-2021 12:28
From: Nik Kesic
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

Hello Gregor

The simple answer is yes.

But first run this command to make sure your DB release supports security:

unirpcd -h

You should see something like this:

[nxkesic@preaur4vapp001 cm]$ unirpcd -?
Unirpc Service Listener Daemon
Usage: unirpcd [-p<portno> | -n<name>] [-s] [-l<logpath>] [-d<n>] [-timeout<n>] [-h]
Options:
-p: port number of the unirpcd listener
-n: service name in the /etc/services file
-s: secure-only connection
-l: full path of log file name
-d: 0-9 debug level
-timeout: connection timeout value in seconds
-h: display help messages
Notes:
Option values must follow option names without any white-space in between.
-p and -n are mutually exclusive. If both are present, the last one takes effect.
If no -l is specified, messages display to stderr. If redirected, -l is ignored.

If you do not see a display like above, you need to upgrade

cheers.

------------------------------
Nik Kesic
DevOps
LKQ
NASHVILLE TN United States

Original Message:
Sent: 10-07-2021 00:15
From: Gregor Scott
Subject: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

I have been scanning the docs for 11.3 and so far have determined that it is possible to configure the UniRPC services (via the secuconf command ) to support secure TLS connections.

What I have not seen is any detail about how to ensure that ONLY secure connections are accepted.

Does anyone know if this is currently possible?

------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------