You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jason Brown (JIRA)" <ji...@apache.org> on 2017/08/23 22:18:01 UTC
[jira] [Resolved] (CASSANDRA-5290) Refactor inter-node SSL support
to make it possible enable without total cluster downtime
[ https://issues.apache.org/jira/browse/CASSANDRA-5290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Brown resolved CASSANDRA-5290.
------------------------------------
Resolution: Duplicate
> Refactor inter-node SSL support to make it possible enable without total cluster downtime
> -----------------------------------------------------------------------------------------
>
> Key: CASSANDRA-5290
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5290
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Marcus Eriksson
> Priority: Minor
>
> should be possible by doing something similar to what compression does today:
> * node A connects to node B, indicating that it wants SSL
> * node A and B upgrade/wrap sockets
> * node B must still be able to talk to A (and all other nodes) without SSL
> nothing secret is shared during hand shake phase
> one difference compared to compression is that after the cluster is rolled there must be a way to not allow any non-ssl talk at all to avoid any plaintext-communication due to configuration mistakes. this should be doable via configuration and perhaps JMX
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org