You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Joseph Clark (JIRA)" <ji...@apache.org> on 2014/07/09 19:13:04 UTC

[jira] [Created] (CASSANDRA-7528) certificate not validated for internode SSL encryption.

Joseph Clark created CASSANDRA-7528:
---------------------------------------

             Summary: certificate not validated for internode SSL encryption.
                 Key: CASSANDRA-7528
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
             Project: Cassandra
          Issue Type: Improvement
          Components: Core
         Environment: Amazon Linux on various AWS EC2 instance types.
            Reporter: Joseph Clark
             Fix For: 1.2.16


An expired certificate may be used to encrypt internode communication.

To reproduce, set the server_encryption_options to enable internode encryption. Add the private key to the specified .keystore, and an expired certificate generated using the private key to the specified truststore. The same keys are used far all cassandra nodes in the cluster. 

When cassandra is started, it is able to communicate with other cassandra nodes even though the certificate is expired.



--
This message was sent by Atlassian JIRA
(v6.2#6252)