What is the recommended strategy for securing RPC & P2P communication?

+6 votes

To my knowledge, there are two modes of communication that MultiChain supports. 

  • P2P via the Bitcoin protocol over TCP.
  • The RPC API.

Up until v0.12.0, Bitcoin Core supported RPC over SSL. After version 0.12.0 it seems the recommendation is to run a reverse proxy server for RPC over SSL or to use stunnel for securing Bitcoin core's RPC api. Is that also the recommendation for securing MultiChain's RPC access? As of v1.0-alpha-26, Multichaind still has the ssl related options, but given the answer to this question it doesn't appear to be a supported feature.

Concerning P2P communication, I have not been able to find documentation or examples of the Bitcoin protocol over SSL. Is it even supported by the multichaind application? If not, what is the strategy for securing P2P traffic between MultiChain nodes. Is the intent to only run a P2P group on a private (trusted) network? 

asked Dec 19, 2016 by sholloway

1 Answer

+2 votes
Regarding the JSON-RPC API, we haven't yet looked into the SSL issue in depth. So for now we can only echo the Bitcoin Core recommendation that if security is paramount, you should not rely on the security of the SSL interface.

Regarding the peer-to-peer protocol, encrypted communications are on the roadmap, but have not been implemented yet.
answered Dec 19, 2016 by MultiChain
Hi

Is there any update on if/when there will be any ssl support for both the rpc interface and the p2p protocol?

Cheers

Marty
SSL is supported in the RPC interface, using options like -rpcssl. We haven't documented this extensively but you should be able to follow the Bitcoin Core documentation to set it up. As for secure P2P, it's still on the roadmap...
...