Add TLS encryption by mahdi-orbitalize · Pull Request #13 · Orbitalize/dss

mahdi-orbitalize · 2026-05-21T16:29:15Z

What I did:

consensus.go was updated to enable client-side (handled by rafthttp if we provide a transport.TLSInfo when constructing a rafthttp.transport) and server-side (handled by extracting a tls.Config from the transport.TLSInfo and passing it to the server at construction plus using ListenAndServeTLS instead of ListenAndServe)
gen-cert.sh was introduced to make certificates (with the number of nodes as a parameter). Note that it's made to work for local setups (i.e. address is localhost or 127.0.0.1). I also provided example certificates to save the trouble of generating them.
params.go was updated to support passing the paths to the TLS certificates as a parameter. It also enforces the use of HTTPS instead of HTTP for the peers' URLs. Also, more tests were added to params_test.go to test the new features.
start_cluster.sh was created to quickly test a 3-node setup with TLS and easily inspect logs.

How I tested it:

Verified that logs where similar when trying with/without encryption (and that it fails when it's supposed to fail)

mahdi-orbitalize added 4 commits May 21, 2026 16:40

feat: add TLS encryption (w/ test certs)

4e4da08

feat: add TLS certificates as parameter

05ed116

fix: enforce HTTPS requirement

049e28c

feat: add script to start test cluster

e20c325

mahdi-orbitalize requested a review from MariemBaccari May 21, 2026 16:29

mahdi-orbitalize added 2 commits May 21, 2026 18:41

fix: repo hygiene check fails

7e92677

fix: make go-lint fails

40208fb

Provide feedback