cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nirmal Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CASSANDRA-1567) Provide configurable encryption support for internode communication
Date Wed, 12 Jan 2011 02:04:46 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12980503#action_12980503
] 

Nirmal Ranganathan commented on CASSANDRA-1567:
-----------------------------------------------

Pavel: I've updated based on your notes, btw sizeMemtableThroughput and sizeMemtableOperations
shouldn't be there in the first place, I think it got left behind in one of my rebases, removed
it now.

StuHood: Thanks for looking through it, I've added comments to explain why SSLSocket/SSLServerSocket
cannot encrypt data transferred using FileChannel.transferTo/transferFrom. 

Gary: As StuHood mentioned that's the reason the additional SSL versions. But all internode
data is getting encrypted.

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
>                 Key: CASSANDRA-1567
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Nirmal Ranganathan
>            Assignee: Nirmal Ranganathan
>             Fix For: 0.7.1
>
>         Attachments: 0002-Configurable-internode-encryption-option-V2.patch, 0002-Configurable-internode-encryption-option.patch,
0003-Default-Key-and-Certificate-for-internode-SSL-V2.patch, 0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is to use
JSSE (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
to wrap the existing ServerSocket & Sockets. This will only be an optional configuration
and not enabled by default. The defaults would be TLS V1, RSA 1024-bit keys for handshake
and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite. Although this can be made configurable if
the need arises. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message