cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijay (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-4662) Core support for Thrift SSL integration
Date Wed, 19 Sep 2012 17:23:07 GMT


Vijay commented on CASSANDRA-4662:

1) IMO the changes to the configuration needs to be done in the major releases (changes in
encryption option name) so folks will notice NEWS.txt, the default is none if they dont read
2) ThriftSSLFactory is not called anywhere, am i missing something here? If we decide to use
ThriftSSLFactory is better served within the o.a.c.thrift (not sure if we need a seperate
class for this though)
        int clientTimeout = 10000;
Should be RPC Timeout, if you look at the thrift source it is client SoTimeout... 
Traditionally we dont set SoTimeout in the server for the client connections (You might want
to follow the same, because the other parts of cassandra will timeout just after the socket
timeout and the client will not receive the Operation timeout).
# this client encryption will only apply if you set rpc_server_type = sync.

Other concern have is either we support SSL or not, which is kind of hard in real life there
can be clients which might not need encryption enabled, for unencrypted ports can be easily
blocked via firewall.

It will be easier to review if we have stress modified and have an end to end test setup.
> Core support for Thrift SSL integration
> ---------------------------------------
>                 Key: CASSANDRA-4662
>                 URL:
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: Core
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>             Fix For: 1.1.6
>         Attachments: 0001-CASSANDRA-4662.-Core-work-of-adding-thrift-ssl-suppo.patch
> Ticket to separate out the changes to yaml and cassandra/thrift code for the thrift SSL

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message