cassandra-commits mailing list archives

From "Mike Adamson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8751) C* should always listen to both ssl/non-ssl ports
Date Wed, 25 Feb 2015 21:23:04 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14337232#comment-14337232 ]

Mike Adamson commented on CASSANDRA-8751:
-----------------------------------------

TLS is a transport level protocol and is initiated on top of an unencrypted connection. It
would be possible using that to run both encrypted and unencrypted sessions on the same port.

> C* should always listen to both ssl/non-ssl ports
> -------------------------------------------------
>
>                 Key: CASSANDRA-8751
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8751
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Minh Do
>            Assignee: Minh Do
>            Priority: Critical
>
> Since there is always one thread dedicated on server socket listener and it does not use much resource, we should always have these two listeners up no matter what users set for internode_encryption.
> The reason behind this is that we need to switch back and forth between different internode_encryption modes and we need C* servers to keep running in transient state or during mode switching. Currently this is not possible.
> For example, we have an internode_encryption=dc cluster in a multi-region AWS environment and want to set internode_encryption=all by rolling restart C* nodes.  However, the node with internode_encryption=all does not open to listen to non-ssl port.  As a result, we have a split-brain cluster here.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
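
One way a listener can serve both kinds of peer on a single port, as discussed in the comment above, is to inspect the first bytes a client sends before deciding whether to start a TLS handshake. This is an added example, not part of the original message and not Cassandra's code; the function names, the `allow_plaintext` switch and the sample bytes are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
CLIENT_HELLO = 0x01         # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14    # largest plaintext TLS record body

def classify_first_bytes(buf: bytes) -> str:
    """Classify the first bytes of a new connection.

    Returns 'tls', 'plaintext', or 'need_more' when fewer than six bytes
    have arrived and nothing seen so far rules out a TLS ClientHello.
    """
    if len(buf) < 6:
        if buf and buf[0] != TLS_HANDSHAKE:
            return "plaintext"
        if len(buf) >= 2 and buf[1] != 0x03:
            return "plaintext"
        return "need_more"
    content_type, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if content_type != TLS_HANDSHAKE or major != 0x03 or minor > 0x04:
        return "plaintext"
    if length == 0 or length > MAX_RECORD_LEN:
        return "plaintext"
    # Byte 5 is the first byte of the record body: the handshake type.
    return "tls" if buf[5] == CLIENT_HELLO else "plaintext"

def route(buf: bytes, allow_plaintext: bool) -> str:
    """Decide what the listener does with a connection.

    allow_plaintext (hypothetical switch) is True only while the cluster is
    mid-transition between encryption modes; once every node speaks TLS it
    is turned off and unencrypted peers are refused.
    """
    kind = classify_first_bytes(buf)
    if kind == "need_more":
        return "wait"
    if kind == "tls":
        return "start_tls_handshake"
    return "serve_plaintext" if allow_plaintext else "reject"

# Constructed samples: the start of a TLS ClientHello record, and an
# arbitrary plaintext protocol greeting.
SAMPLE_CLIENT_HELLO = bytes.fromhex("160301020001" "0001fc0303")
SAMPLE_PLAINTEXT = b"\x00\x00\x00\x2aHELLO"

if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_CLIENT_HELLO), ("plain", SAMPLE_PLAINTEXT)):
        print(name, route(data, allow_plaintext=True), route(data, allow_plaintext=False))
```

A plaintext protocol whose own first bytes can match the TLS record header cannot share the port this way, because the classifier would misroute it.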