Chapter 7. Security

7.1. Securing connections with SSL/TLS

AMQ JavaScript uses SSL/TLS to encrypt communication between clients and servers.

To connect to a remote server with SSL/TLS, set the transport connection option to tls.

Example: Enabling SSL/TLS

var opts = {
    host: "example.com",
    port: 5671,
    transport: "tls"
};

container.connect(opts);

Note

By default, the client will reject connections to servers with untrusted certificates. This is sometimes the case in test environments. To bypass certificate authorization, set the rejectUnauthorized connection option to false. Be aware that this compromises the security of your connection.

7.2. Connecting with a user and password

AMQ JavaScript can authenticate connections with a user and password.

To specify the credentials used for authentication, set the username and password connection options.

Example: Connecting with a user and password

var opts = {
    host: "example.com",
    username: "alice",
    password: "secret"
};

container.connect(opts);

7.3. Configuring SASL authentication

AMQ JavaScript uses the SASL protocol to perform authentication. SASL can use a number of different authentication mechanisms. When two network peers connect, they exchange their allowed mechanisms, and the strongest mechanism allowed by both is selected.

AMQ JavaScript enables SASL mechanisms based on the presence of user and password information. If the user and password are both specified, PLAIN is used. If only a user is specified, ANONYMOUS is used. If neither is specified, SASL is disabled.