Is AWS X-Ray traffic encrypted in transit?

0

We're evaluating instrumenting Docker containers running on a third-party hosting service with X-Ray. To do that, it seems like we will need to add the X-Ray SDK, and run an additional container with the X-Ray daemon that proxies traces to AWS.

The documentation isn't clear whether traces sent are encrypted in transit to the daemon, and then on to AWS. Is traffic encrypted on both legs in some way, and if so how?

https://docs.aws.amazon.com/xray/latest/devguide/xray-console-encryption.html

Asked a year ago · 390 views
2 Answers
1
Accepted Answer

Hi,

API calls from the X-Ray daemon to the X-Ray service are encrypted in transit, since Transport Layer Security (TLS) 1.0 or later is required (but TLS 1.2 or later recommended) by the backend.

However, after analysing the source code from the GitHub repository, it seems that the communication between your application's X-Ray SDK and the X-Ray daemon is not encrypted. I have not found official documentation that confirms or denies it, but the daemon instantiates a UDP server instead of a DTLS (TLS for UDP) or similar.

```go
// New returns new instance of UDP.
func New(udpAddress string) socketconn.SocketConn {
	log.Debugf("Listening on UDP %v", udpAddress)
	addr, err := net.ResolveUDPAddr("udp", udpAddress)
	if err != nil {
		log.Errorf("%v", err)
		os.Exit(1)
	}
	sock, err := net.ListenUDP("udp", addr)
	if err != nil {
		log.Errorf("%v", err)
		os.Exit(1)
	}
	return UDP{
		socket: sock,
	}
}
```

I guess it's because it's designed to be deployed in the same execution environment as the application and communicate locally (See Lambda, ECS or EKS), and thus improve performance.

Expert
Answered a year ago
1

Hello,

Greetings for the day!!

To answer your query, X-Ray sends encrypted communication from AWS X-Ray API to X-Ray service, please refer to this documentation[1] for more information.

However, X-Ray does not encrypt traffic on UDP. Please refer to this GitHub snippet[2] for insight.

Have a fantastic day ahead!!

Reference:

[1] https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon.html

[2] https://github.com/aws/aws-xray-sdk-python/blob/master/aws_xray_sdk/core/emitters/udp_emitter.py#L28-L43

AWS
Answered a year ago
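
Both answers conclude that the SDK-to-daemon leg is plain UDP, so for a daemon running in its own container the practical check is whether those datagrams leave the host. The following is an added example, not code from the thread or from the X-Ray project, that classifies the UDP target configured in `AWS_XRAY_DAEMON_ADDRESS`. The variable name, its two formats and the `127.0.0.1:2000` default are assumptions taken from the SDK configuration documentation rather than from this page, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// udpHost extracts the UDP host from "host:port" or "tcp:host:port udp:host:port".
func udpHost(value string) (string, error) {
	fields := strings.Fields(value)
	for _, f := range fields {
		if strings.HasPrefix(f, "udp:") || (len(fields) == 1 && !strings.HasPrefix(f, "tcp:")) {
			host, _, err := net.SplitHostPort(strings.TrimPrefix(f, "udp:"))
			return host, err
		}
	}
	return "", fmt.Errorf("no UDP address in %q", value)
}

// Classify reports how far the cleartext SDK-to-daemon datagrams travel.
func Classify(value string) (string, error) {
	if strings.TrimSpace(value) == "" {
		value = "127.0.0.1:2000" // assumed SDK default when the variable is unset
	}
	host, err := udpHost(value)
	if err != nil {
		return "", err
	}
	ip := net.ParseIP(host)
	switch {
	case host == "localhost" || (ip != nil && ip.IsLoopback()):
		return "loopback", nil // stays inside the host or network namespace
	case ip == nil:
		return "unresolved-name", nil // e.g. a container name: treat as non-local
	case ip.IsPrivate() || ip.IsLinkLocalUnicast():
		return "private", nil // cleartext on an internal network
	}
	return "public", nil // cleartext on a routable network
}

func main() {
	// Constructed sample values, not taken from the thread.
	for _, v := range []string{"", "xray-daemon:2000", "tcp:10.0.3.7:2000 udp:10.0.3.7:2001"} {
		fmt.Println(Classify(v))
	}
}
```

A result other than `loopback` means segment data crosses a network link unencrypted, so that path needs its own protection, for example a shared network namespace or an encrypted overlay between the two containers.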
