cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Shuler (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (CASSANDRA-7528) certificate not validated for internode SSL encryption.
Date Thu, 10 Jul 2014 01:51:04 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Shuler reassigned CASSANDRA-7528:
-----------------------------------------

    Assignee: Michael Shuler

> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
>                 Key: CASSANDRA-7528
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>         Environment: Amazon Linux on various AWS EC2 instance types.
>            Reporter: Joseph Clark
>            Assignee: Michael Shuler
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode encryption. Add the
private key to the specified .keystore, and an expired certificate generated using the private
key to the specified truststore. The same keys are used far all cassandra nodes in the cluster.

> When cassandra is started, it is able to communicate with other cassandra nodes even
though the certificate is expired.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message