You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (Jira)" <ji...@apache.org> on 2020/05/13 14:09:00 UTC
[jira] [Commented] (CASSANDRA-15727) Internode messaging connection
setup between 4.0 and legacy SSL 3.0 fails if initial connection version
incorrect
[ https://issues.apache.org/jira/browse/CASSANDRA-15727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17106331#comment-17106331 ]
Aleksey Yeschenko commented on CASSANDRA-15727:
-----------------------------------------------
The patch mostly looks good to me, but I think there is an issue with the logic in `InboundSockets#addBindings()` - I *think* it's possible for the ports to match in config but for encryption or legacy ssl storage port to not be enabled, thus never adding any bindings at all.
Also some formatting nits and unnecessary `this` that we usually avoid.
Pushed [here|https://github.com/iamaleksey/cassandra/commits/15727-4.0] - please have a look, as I'm not certain about issue 1.
> Internode messaging connection setup between 4.0 and legacy SSL 3.0 fails if initial connection version incorrect
> -----------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-15727
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15727
> Project: Cassandra
> Issue Type: Bug
> Components: Messaging/Internode
> Reporter: Jon Meredith
> Assignee: Jon Meredith
> Priority: Normal
> Labels: pull-request-available
> Fix For: 4.0-beta
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> This was discovered while testing upgrading an SSL enabled cluster from 3.0 to 4.0. The 3.0 cluster was configured to only listen on the ssl storage port. When the upgraded 4.0 node started it received a gossip messsage that triggered a shadow round before it had correctly set the messaging versions for the other endpoints.
> Sending the message created the connection, but because the endpoint defaulted to {{VERSION_40}} the initial connect attempt was to the regular {{storage_port}}. The 3.0 node was only listening on the {{ssl_storage_port}}, so the connection was refused and the {{OutboundConnection.onFailure}} handler was called. As the shadow
> gossip round had queued up a message, the {{hasPending}} branch was followed and the connection was rescheduled, however the port is never recalculated as the original settings are used so it always fails.
> Meanwhile, the node discovered information about peers through inbound connection and gossip updating the messaging version for the endpoint which could have been used to make a valid connection.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org