You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ilya Kasnacheev (JIRA)" <ji...@apache.org> on 2017/08/23 12:16:00 UTC
[jira] [Commented] (IGNITE-6168) Ability to use TLS client
authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138272#comment-16138272 ]
Ilya Kasnacheev commented on IGNITE-6168:
-----------------------------------------
[~jens.borgland] This looks like an issue indeed, because it is possible for two nodes to be stuck in "discovered but not connected and trying to connect forever" livelock state for good as I have just confirmed. I think that mutual TLS should be the only option in TcpDiscoverySpi.
> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---------------------------------------------------------------
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
> Issue Type: Wish
> Affects Versions: 2.1
> Reporter: Jens Borgland
>
> I'm working on an application where we use mutual TLS to protect the communication (of different kinds) between the components. It seems like Ignite uses mutual TLS for the TcpCommunicationSpi but not for the TcpDiscoverySpi. Would it be possible to add this ability (one way could perhaps be by implementing IGNITE-6167 so that it can be done through a custom socket factory)?
> I'm aware that there are other client authentication options for the discovery SPI but it would be nice to be able to use the same mechanism everywhere.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)