Posted to commits@cassandra.apache.org by er...@apache.org on 2022/02/24 22:54:59 UTC

[cassandra-website] branch trunk updated (bf13699 -> f87cab1)

This is an automated email from the ASF dual-hosted git repository.

erickramirezau pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-website.git.


    omit bf13699  Update Tightening-Security-for-Apache-Cassandra-Part-3.adoc
    omit ea0ff1c  Fixing live blog to reflect correct target version of AC with the new feature
     new f87cab1  CASSANDRA-17396 Updated blog "Tightening Security part 3" with correct C* version

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (bf13699)
            \
             N -- N -- N   refs/heads/trunk (f87cab1)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


[cassandra-website] 01/01: CASSANDRA-17396 Updated blog "Tightening Security part 3" with correct C* version

Posted by er...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

erickramirezau pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-website.git

commit f87cab1151620a2f496f9fa29d5a93d8fd68308e
Author: Maulin Vasavada <mv...@paypal.com>
AuthorDate: Fri Feb 18 13:24:50 2022 -0800

    CASSANDRA-17396 Updated blog "Tightening Security part 3" with correct C* version
    
    patch by Maulin Vasavada; reviewed by Erick Ramirez for CASSANDRA-17396
---
 .../Tightening-Security-for-Apache-Cassandra-Part-3.adoc     | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-3.adoc b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-3.adoc
index c8ac3fb..1c40fb5 100644
--- a/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-3.adoc
+++ b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-3.adoc
@@ -11,11 +11,11 @@
 .Image credit: https://unsplash.com/@zenchic[Jennefer Zacarias^]
 image::blog/tightening-security-for-apache-cassandra-p3-unsplash-jennefer-zacarias.jpg[3-4]
 
-In xref:blog/Tightening-Security-for-Apache-Cassandra-Part-2.adoc[Part-2] of this series, we explored avenues for securing data in transit and described how to configure TLS/mTLS with Apache Cassandra 4.0. In Part 3, we’ll look at how you can customize TLS/mTLS for Apache Cassandra 4.0+ to overcome the challenges with a TLS configuration.
+In xref:blog/Tightening-Security-for-Apache-Cassandra-Part-2.adoc[Part-2] of this series, we explored avenues for securing data in transit and described how to configure TLS/mTLS with Apache Cassandra 4.0. In Part 3, we’ll look at how you can customize TLS/mTLS for Apache Cassandra 4.1+ to overcome the challenges with a TLS configuration.
 
-=== How We Made TLS Configuration Better With 4.0
+=== How We Made TLS Configuration Better With 4.1
 
-With Apache Cassandra 4.0, https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-9%3A+Make+SSLContext+creation+pluggable[we enhanced^] the TLS/mTLS configuration to allow for specifying custom ways to build SSLContext and we provided a default implementation for backward compatibility. We introduced a new configuration, `ssl_context_factory`, where you can specify your custom class to build SSLContext objects required by Java/Netty SSL libraries. You can also add custom properties to [...]
+With Apache Cassandra 4.1, https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-9%3A+Make+SSLContext+creation+pluggable[we enhanced^] the TLS/mTLS configuration to allow for specifying custom ways to build SSLContext and we provided a default implementation for backward compatibility. We introduced a new configuration, `ssl_context_factory`, where you can specify your custom class to build SSLContext objects required by Java/Netty SSL libraries. You can also add custom properties to [...]
 
 To demonstrate this customization, let’s use the example of Kubernetes, the popular cloud-native solution. Kubernetes allows configuring https://kubernetes.io/docs/concepts/configuration/secret/[Secrets^] to store sensitive data. We could potentially use K8s Secrets to store the keystore and truststore artifacts along with their respective passwords. We will assume Apache Cassandra is already running in a K8s environment.
 
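Review bot: The rewritten paragraph under "How We Made TLS Configuration Better With 4.1" still describes `ssl_context_factory` in the past tense ("we enhanced", "We introduced") without saying that the setting does not exist in 4.0. The only place that explains the version correction is the update line appended at the very end of the post. Readers running 4.0 will meet the configuration key here first, so consider adding a short clause in this paragraph stating that the pluggable SSLContext support is available from 4.1 onward, and keep the intro's "configure TLS/mTLS with Apache Cassandra 4.0" reference to Part 2 clearly separate from it.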
@@ -67,7 +67,7 @@ apiVersion: v1
            path: truststore-last-updatedtime
 ```
 
-We will use the https://github.com/apache/cassandra/blob/trunk/examples/ssl-factory/src/org/apache/cassandra/security/KubernetesSecretsSslContextFactory.java[‘KubernetesSecretsSslContextFactory’^] class from Apache Cassandra 4.0 as an example for how to customize the TLS configuration via Kubernetes Secrets as loaded by the pod definition (above). 
+We will use the https://github.com/apache/cassandra/blob/trunk/examples/ssl-factory/src/org/apache/cassandra/security/KubernetesSecretsSslContextFactory.java[‘KubernetesSecretsSslContextFactory’^] class from Apache Cassandra 4.1 as an example for how to customize the TLS configuration via Kubernetes Secrets as loaded by the pod definition (above). 
 
 ==== Example Custom TLS Configuration for K8s Secrets
 
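Review bot: The changed sentence now says the `KubernetesSecretsSslContextFactory` class is "from Apache Cassandra 4.1", but the link still targets `blob/trunk/examples/ssl-factory/...`, which is a moving branch. Once trunk advances past 4.1, or the example is moved, the link will show code that no longer matches the version named in the text. Suggest pointing the URL at the 4.1 branch or release tag when one exists, or rewording to "from the Apache Cassandra trunk (targeted for 4.1)". The added line also ends with a trailing space after "(above)." that could be dropped while this line is being touched.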
@@ -94,4 +94,6 @@ image::blog/Cassandra-SslContextFactory.png[A diagram of Apache Cassandra’s ex
 === Future work
 On top of having the ability to customize TLS configuration, the community is https://issues.apache.org/jira/browse/CASSANDRA-17031[working on^] supporting other popular formats for security credentials, such as https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/[PEM^] (originally “**P**rivacy **E**nhanced **M**ail”).
 
-As the Apache Cassandra community, our goal is to provide best-in-class software and keep enhancing it as the use-cases and requirements grow and evolve over time. I hope this particular enhancement makes Cassandra operators’ life easier while supporting industry standards for data security.
\ No newline at end of file
+As the Apache Cassandra community, our goal is to provide best-in-class software and keep enhancing it as the use-cases and requirements grow and evolve over time. I hope this particular enhancement makes Cassandra operators’ life easier while supporting industry standards for data security.
+
+_Update: The original blog has been updated to correctly reflect Apache Cassandra version 4.1 for the SSL Context's customization feature. Apache Cassandra 4.1 changes are targeted to freeze in May 2022 and released in July 2022_
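Review bot: In the added update line, "are targeted to freeze in May 2022 and released in July 2022" is not parallel and reads as if the release has already happened. Suggest "are targeted to freeze in May 2022, with release planned for July 2022." and closing the sentence with a period inside the italics. The hard-coded schedule will also go stale, so linking to the release plan or stating only that the feature ships in 4.1 would age better. Since this note is the only explanation of the 4.0 to 4.1 correction, placing it near the top of the post, next to the first 4.1 mention, would make it harder to miss.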
