You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Mike Adamson (JIRA)" <ji...@apache.org> on 2015/02/16 13:37:12 UTC
[jira] [Commented] (CASSANDRA-8751) C* should always listen to both
ssl/non-ssl ports
[ https://issues.apache.org/jira/browse/CASSANDRA-8751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14322714#comment-14322714 ]
Mike Adamson commented on CASSANDRA-8751:
-----------------------------------------
Why not have a single socket supporting TLS. The socket could / would then support encrypted and unencrypted connections.This could be controlled by configuration as to whether unencrypted connections are allowed.
> C* should always listen to both ssl/non-ssl ports
> -------------------------------------------------
>
> Key: CASSANDRA-8751
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8751
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Minh Do
> Assignee: Minh Do
> Priority: Critical
>
> Since there is always one thread dedicated on server socket listener and it does not use much resource, we should always have these two listeners up no matter what users set for internode_encryption.
> The reason behind this is that we need to switch back and forth between different internode_encryption modes and we need C* servers to keep running in transient state or during mode switching. Currently this is not possible.
> For example, we have a internode_encryption=dc cluster in a multi-region AWS environment and want to set internode_encryption=all by rolling restart C* nodes. However, the node with internode_encryption=all does not open to listen to non-ssl port. As a result, we have a splitted brain cluster here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)