Rocket U2 | UniVerse & UniData

  • 1.  UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

    PARTNER
    Posted 10-07-2021 00:15
    I have been scanning the docs for 11.3 and so far have determined that it is possible to configure the UniRPC services (via the secuconf command ) to support secure TLS connections.

    What I have not seen is any detail about how to ensure that ONLY secure connections are accepted.

    Does anyone know if this is currently possible?

    ------------------------------
    Gregor Scott
    Software Architect
    Pentana Solutions Pty Ltd
    Mount Waverley VIC Australia
    ------------------------------


  • 2.  RE: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

    Posted 10-08-2021 12:28
    Hello Gregor

    The simple answer is yes.

    But first run this command to make sure your DB release supports security:

    unirpcd -h

    You should see something like this:

    [nxkesic@preaur4vapp001 cm]$ unirpcd -?
    Unirpc Service Listener Daemon
    Usage: unirpcd [-p<portno> | -n<name>] [-s] [-l<logpath>] [-d<n>] [-timeout<n>] [-h]
    Options:
    -p: port number of the unirpcd listener
    -n: service name in the /etc/services file
    -s: secure-only connection
    -l: full path of log file name
    -d: 0-9 debug level
    -timeout: connection timeout value in seconds
    -h: display help messages
    Notes:
    Option values must follow option names without any white-space in between.
    -p and -n are mutually exclusive. If both are present, the last one takes effect.
    If no -l is specified, messages display to stderr. If redirected, -l is ignored.

    If you do not see a display like above, you need to upgrade

    cheers.

    ------------------------------
    Nik Kesic
    DevOps
    LKQ
    NASHVILLE TN United States
    ------------------------------



  • 3.  RE: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

    PARTNER
    Posted 10-10-2021 19:00
    Thanks for the info @Nik Kesic.

    This is what I get when running unirpcd -?

    root@eraPower-RHEL7-dev# unirpcctl status
    UniVerse is running
    UniRPC daemon is running:
    UID PID PPID C STIME TTY TIME CMD
    root 6627 1 0 Aug08 ? 00:00:06 /usr/unishared/unirpc/unirpcd
    root@eraPower-RHEL7-dev# unirpcd -?
    ^C
    root@eraPower-RHEL7-dev# bin/unirpcd -?
    ^C
    root@eraPower-RHEL7-dev# uv -version
    UniVerse 11.3.3
    root@eraPower-RHEL7-dev#

    No output - I had to abort the command, so I don't believe it is available in 11.3.x.
    Could the secure-only mode be a UV 12.x feature?

    ------------------------------
    Gregor Scott
    Software Architect
    Pentana Solutions Pty Ltd
    Mount Waverley VIC Australia
    ------------------------------



  • 4.  RE: UniVerse: Can the UniRPC be configured to ONLY accept SSL/TLS connections

    ROCKETEER
    Posted 3 days ago
    Gregor,

    This feature was added to UniData at 8.2.2:
    • UDT-11789 Previously, client-server connections using the unirpc interface could be clear text or secure using SSL. Starting with this release, new options have been added to unirpcd to enable secure SSL-only connections if required.
    Please open a Support ticket with this request and we will see what we can do.

    ------------------------------
    John Jenkins
    Principal Technical Support Engineer
    Rocket Software Limited
    U.K.
    ------------------------------