You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "John Sanda (JIRA)" <ji...@apache.org> on 2019/05/20 21:03:00 UTC

[jira] [Created] (CASSANDRA-15132) one-way TLS authentication for client encryption is broken

John Sanda created CASSANDRA-15132:
--------------------------------------

             Summary: one-way TLS authentication for client encryption is broken
                 Key: CASSANDRA-15132
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15132
             Project: Cassandra
          Issue Type: Bug
          Components: Feature/Encryption
            Reporter: John Sanda


CASSANDRA-14652 caused a regression for client/native transport encryption. It broken one-way TLS authentication where only the client authenticates the coordinator node's certificate chain. This would be configured in cassandra.yaml as such:

{noformat}
client_encryption_options:
  enabled: true
  keystore: /path/to/keystore
  keystore_password: my_keystore_password
  optional: false
  require_client_auth: false
{noformat}

With the changes in CASSANDRA-14652, ServerConnection.java always assumes that there will always be a client certificate chain, which will not be the case with the above configuration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org