cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nirmal Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CASSANDRA-1567) Provide configurable encryption support for internode communication
Date Mon, 18 Oct 2010 23:25:31 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922349#action_12922349
] 

Nirmal Ranganathan commented on CASSANDRA-1567:
-----------------------------------------------

bq. For 0001, I would really like to see an A(bstract)StreamableSocket rather than complete
duplication of the Stream classes
Done
bq. Rather than a boolean, the internode_encryption setting should probably be an enum, to
leave room to add conditional encryption based on zones returned by the snitch
Updated to use an enum, just (all, none) for now.
bq. The SSL settings in JVM_OPTS should be disabled by default, and need a comment linking
to a place to get more information about the keystore and truststore files (probably the 'Creating
Keystores' section of the link in the description)
Having those properties in should not be a problem. We can provide a wiki page on how to get
everything setup. 

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
>                 Key: CASSANDRA-1567
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Nirmal Ranganathan
>            Assignee: Nirmal Ranganathan
>             Fix For: 0.7.1
>
>         Attachments: 0002-Configurable-internode-encryption-option.patch, 0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is to use
JSSE (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
to wrap the existing ServerSocket & Sockets. This will only be an optional configuration
and not enabled by default. The defaults would be TLS V1, RSA 1024-bit keys for handshake
and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite. Although this can be made configurable if
the need arises. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message