accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Wed, 09 Oct 2013 20:56:41 GMT


Christopher Tubbs commented on ACCUMULO-1009:

keytool-maven-plugin supports key generation prior to jdk 1.7. You just have to stick with
the same keystore for both keystore and truststore for testing, until 1.7, when you can do
CSRs. openssl can still do certificate generation with the exec plugin, regardless of the
jdk version.

However, I don't see an issue with a test scope solution, because we're not encouraging users
to rely on Accumulo to generate certs, and we're not shipping the extra dependencies.

As for the ZK breakage, I think it would have been nice to fall back to JSSE options configured
in system properties rather than config. But if that fallback can't be tested due to the breakage
of ZK, don't bother. We can add that when we can test it. It's sufficient to rely only on
the context-prefixed JSSE properties carried in the configuration files.

> Support encryption over the wire
> --------------------------------
>                 Key: ACCUMULO-1009
>                 URL:
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>         Attachments: ACCUMULO-1009_thriftSsl-2013-10-4.patch, ACCUMULO-1009_thriftSsl.patch
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

This message was sent by Atlassian JIRA

View raw message