Enabling Encryption on the Client Side
Hazelcast Cloud allows you to encrypt traffic between clients and your cluster, using TLS. To provide the best performance, members always use the OpenSSL library. To encrypt traffic on the client side, you must configure the clients to use OpenSSL.
You must have enabled encryption when you created the cluster. You cannot enable encryption on a cluster that has already been created.
For best performance, you can change the default SSL implementation to OpenSSL in your client application. In order to do it, please perform the following steps.
Make sure OpenSSL is installed on your machine.
Include the OpenSSL dependency in your source code.
<dependency> <groupId>io.netty</groupId> <artifactId>netty-tcnative</artifactId> <version>2.0.19.Final</version> <classifier>linux-x86_64</classifier> </dependency> <dependency> <groupId>io.netty</groupId> <artifactId>netty-handler</artifactId> <version>4.1.31.Final</version> </dependency>
Change the SSL factory name in your application code to
com.hazelcast.nio.ssl.OpenSSLEngineFactoryand use the
Properties props = new Properties(); ... props.setProperty("ciphersuites", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); ClientConfig config = new ClientConfig(); config.getNetworkConfig().setSSLConfig( new SSLConfig().setEnabled(true) .setFactoryClassName("com.hazelcast.nio.ssl.OpenSSLEngineFactory") .setProperties(props) );
With such configuration in place, you are able to use OpenSSL for the client-server communication, which ensures the highest encryption performance.