You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jyothsna Konisa (Jira)" <ji...@apache.org> on 2022/10/03 22:34:00 UTC
[jira] [Updated] (CASSANDRA-17923) Mixed mode support for internode authentication during TLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jyothsna Konisa updated CASSANDRA-17923:
----------------------------------------
Reviewers: Jon Meredith, Yifan Cai
Source Control Link: https://github.com/apache/cassandra/pull/1884
Test and Documentation Plan:
Added test cases to test internode TLS support for scenarios like upgrading and downgrading clusters. Also tested this TLS mixed mode operation using CCM locally.
[https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth]
Tester: Jyothsna Konisa
> Mixed mode support for internode authentication during TLS upgrades
> -------------------------------------------------------------------
>
> Key: CASSANDRA-17923
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17923
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jyothsna Konisa
> Assignee: Jyothsna Konisa
> Priority: Normal
>
> During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be able to function in mixed mode with some nodes supporting "non-ssl" authentication and the new nodes supporting "mTLS" authentication. Currently we do not have this supported and because of which upgrades are not possible for upgrading internode authentication strategies.
> If a node is configured in optional mode for internode connections, retry with other SSL strategies If the node is not able to connect to other nodes due to authentication problems.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org