Posted to commits@cassandra.apache.org by "John Sanda (JIRA)" <ji...@apache.org> on 2019/05/20 21:03:00 UTC
[jira] [Created] (CASSANDRA-15132) one-way TLS authentication for client encryption is broken
John Sanda created CASSANDRA-15132:
--------------------------------------
Summary: one-way TLS authentication for client encryption is broken
Key: CASSANDRA-15132
URL: https://issues.apache.org/jira/browse/CASSANDRA-15132
Project: Cassandra
Issue Type: Bug
Components: Feature/Encryption
Reporter: John Sanda
CASSANDRA-14652 caused a regression for client/native transport encryption. It broke one-way TLS authentication where only the client authenticates the coordinator node's certificate chain. This would be configured in cassandra.yaml as such:
{noformat}
client_encryption_options:
    enabled: true
    keystore: /path/to/keystore
    keystore_password: my_keystore_password
    optional: false
    require_client_auth: false
{noformat}
With the changes in CASSANDRA-14652, ServerConnection.java always assumes that there will always be a client certificate chain, which will not be the case with the above configuration.
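The failure mode described in this report, as an added example that is not part of the original message and not Cassandra's code: in one-way TLS the server-side JSSE session has no peer chain and SSLSession.getPeerCertificates() throws SSLPeerUnverifiedException, so server code has to treat a missing chain as a normal case. The class name, the clientChain helper, the keystore alias and password are assumptions, and keytool is assumed to be on the PATH.

```java
import javax.net.ssl.*;
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class OneWayTlsPeerChain {
    // Hypothetical helper: the client's chain, or an empty array when the client
    // presented no certificate (expected with require_client_auth: false).
    static Certificate[] clientChain(SSLSession session) {
        try { return session.getPeerCertificates(); }
        catch (SSLPeerUnverifiedException e) { return new Certificate[0]; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test material: a throwaway self-signed server keystore.
        char[] pw = "changeit".toCharArray();
        Path ks = Files.createTempDirectory("tls").resolve("server.p12");
        new ProcessBuilder("keytool", "-genkeypair", "-alias", "node", "-keyalg", "RSA",
                "-dname", "CN=localhost", "-storetype", "PKCS12",
                "-keystore", ks.toString(), "-storepass", "changeit").inheritIO().start().waitFor();
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(ks)) { store.load(in, pw); }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store); // the client trusts the server's self-signed certificate
        SSLContext server = SSLContext.getInstance("TLS");
        server.init(kmf.getKeyManagers(), null, null);
        SSLContext client = SSLContext.getInstance("TLS");
        client.init(null, tmf.getTrustManagers(), null); // no client key: one-way TLS

        try (SSLServerSocket listener = (SSLServerSocket) server.getServerSocketFactory().createServerSocket(0)) {
            listener.setNeedClientAuth(false); // mirrors require_client_auth: false
            Thread t = new Thread(() -> {
                try (SSLSocket c = (SSLSocket) client.getSocketFactory()
                        .createSocket("localhost", listener.getLocalPort())) {
                    c.startHandshake();
                    c.getInputStream().read(); // wait for the server's byte
                } catch (IOException e) { throw new UncheckedIOException(e); }
            });
            t.start();
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                s.startHandshake();
                System.out.println("client chain length: " + clientChain(s.getSession()).length);
                s.getOutputStream().write(1);
            }
            t.join();
        }
    }
}
```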