Posted to commits@cassandra.apache.org by "Per Otterström (JIRA)" <ji...@apache.org> on 2017/09/19 08:28:02 UTC

[jira] [Commented] (CASSANDRA-13404) Hostname verification for client-to-node encryption

    [ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16171305#comment-16171305 ] 

Per Otterström commented on CASSANDRA-13404:
--------------------------------------------

Let me (colleague of Jan) add a little context to describe why we want hostname verification on the server side. In our deployments all peers (both clients and servers) will automatically get unique certificates signed for them. This allows us to limit access such that only trusted clients can connect to Cassandra. Hostname verification on the server side would improve security in that no one is able to copy a certificate from a client node to another location, and then use it to manipulate data in Cassandra.

The patch provided by Jan contains two different changes:

- The first is about setting the endpoint identification algorithm. This seems pretty straightforward as it is optional and in line with what we already have on the server-to-server communication.

- The second is about passing the remote peer information into the SSLEngine as it is created. This is necessary to make remote peer information available to the TrustManager when it is time to validate the certificate chain. And so without this second modification, the first change doesn't make much sense. I understand this change is in conflict with a potential performance improvement by reusing SSLContexts, but as Jan is pointing out, this patch set is only associating peer-specific data with the SSLEngines created from the SSLContext. The SSLContext itself could still be reused.

I understand this functionality is valuable to a very small group of users, but as it is optional I cannot see the harm of adding it. Thoughts?

> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Jan Karlsson
>             Fix For: 4.x
>
>         Attachments: 13404-trunk.txt
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification for client-node connections.
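
The two changes described in the comment above, sketched with the standard JSSE API as an added example (this is not code from the attached 13404 patch or from Cassandra). The class name, the `serverEngineFor` helper, the `verifyHostname` switch and the sample address are hypothetical, and the choice of the `HTTPS` algorithm is an assumption.

```java
import java.net.InetSocketAddress;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class PeerAwareEngineFactory {

    // Hypothetical helper: one shared SSLContext, one SSLEngine per accepted connection.
    static SSLEngine serverEngineFor(SSLContext ctx, InetSocketAddress remote,
                                     boolean verifyHostname) {
        // Second change: hand the remote peer to the engine at creation time.
        // The no-argument createSSLEngine() leaves the peer host null, so a
        // trust manager has nothing to compare the client certificate against.
        SSLEngine engine = ctx.createSSLEngine(remote.getHostString(), remote.getPort());
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // the client must present a certificate

        if (verifyHostname) {
            // First change: optional endpoint identification. With an algorithm
            // set, an X509ExtendedTrustManager can check that the certificate's
            // names match the peer host recorded on the engine.
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // assumed algorithm
            engine.setSSLParameters(params);
        }
        return engine;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault(); // stands in for the node's configured context
        // Constructed sample peer (documentation address range), not a real client.
        InetSocketAddress remote = new InetSocketAddress("192.0.2.10", 50000);

        SSLEngine withPeer = serverEngineFor(ctx, remote, true);
        SSLEngine withoutPeer = ctx.createSSLEngine();

        System.out.println("peer host, engine created with peer info: " + withPeer.getPeerHost());
        System.out.println("peer host, engine created without it:     " + withoutPeer.getPeerHost());
        System.out.println("endpoint identification algorithm:        "
                + withPeer.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

Both engines come from the same `SSLContext`, so the context remains reusable; only the per-connection engine carries peer data.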


