You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "John Sanda (JIRA)" <ji...@apache.org> on 2019/05/20 21:07:00 UTC
[jira] [Commented] (CASSANDRA-15132) one-way TLS authentication for
client encryption is broken
[ https://issues.apache.org/jira/browse/CASSANDRA-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16844299#comment-16844299 ]
John Sanda commented on CASSANDRA-15132:
----------------------------------------
I pushed a fix at https://github.com/jsanda/cassandra/tree/tls-client-auth-patch.
> one-way TLS authentication for client encryption is broken
> ----------------------------------------------------------
>
> Key: CASSANDRA-15132
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15132
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: John Sanda
> Priority: Normal
>
> CASSANDRA-14652 caused a regression for client/native transport encryption. It broken one-way TLS authentication where only the client authenticates the coordinator node's certificate chain. This would be configured in cassandra.yaml as such:
> {noformat}
> client_encryption_options:
> enabled: true
> keystore: /path/to/keystore
> keystore_password: my_keystore_password
> optional: false
> require_client_auth: false
> {noformat}
> With the changes in CASSANDRA-14652, ServerConnection.java always assumes that there will always be a client certificate chain, which will not be the case with the above configuration.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org