cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nirmal Ranganathan (JIRA)" <>
Subject [jira] Commented: (CASSANDRA-1567) Provide configurable encryption support for internode communication
Date Wed, 12 Jan 2011 02:04:46 GMT


Nirmal Ranganathan commented on CASSANDRA-1567:

Pavel: I've updated based on your notes, btw sizeMemtableThroughput and sizeMemtableOperations
shouldn't be there in the first place, I think it got left behind in one of my rebases, removed
it now.

StuHood: Thanks for looking through it, I've added comments to explain why SSLSocket/SSLServerSocket
cannot encrypt data transferred using FileChannel.transferTo/transferFrom. 

Gary: As StuHood mentioned that's the reason the additional SSL versions. But all internode
data is getting encrypted.

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>                 Key: CASSANDRA-1567
>                 URL:
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Nirmal Ranganathan
>            Assignee: Nirmal Ranganathan
>             Fix For: 0.7.1
>         Attachments: 0002-Configurable-internode-encryption-option-V2.patch, 0002-Configurable-internode-encryption-option.patch,
0003-Default-Key-and-Certificate-for-internode-SSL-V2.patch, 0003-Default-Key-and-Certificate-for-internode-SSL.patch
> Provide the option to encrypt internode communication. The initial thought is to use
to wrap the existing ServerSocket & Sockets. This will only be an optional configuration
and not enabled by default. The defaults would be TLS V1, RSA 1024-bit keys for handshake
and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite. Although this can be made configurable if
the need arises. 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message