cassandra-commits mailing list archives

From "Robert Stupp (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-9590) Support for both encrypted and unencrypted native transport connections
Date Fri, 04 Sep 2015 08:50:46 GMT


Robert Stupp commented on CASSANDRA-9590:

Changes look good.
Cassci will be working on the changes and [results should appear shortly|].

But dtest needs to be fixed - the fix is quite simple.
{{ssl_opts={'ca_certs': os.path.join(self.test_path, 'keystore.jks')} }} needs to be changed to
{{ssl_opts={'ca_certs': os.path.join(self.test_path, 'ccm_node.cer')} }}.
/cc [~philipthompson] 

> Support for both encrypted and unencrypted native transport connections
> -----------------------------------------------------------------------
>                 Key: CASSANDRA-9590
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Stefan Podkowinski
>            Assignee: Stefan Podkowinski
>             Fix For: 2.1.x
>         Attachments: nosetest_output.txt
> Enabling encryption for native transport currently turns SSL exclusively on or off for the opened socket. Migrating from plain to encrypted requires to migrate all native clients as well and redeploy all of them at the same time after starting the SSL enabled Cassandra
> This patch would allow to start Cassandra with both an unencrypted and ssl enabled native port. Clients can connect to either, based whether they support ssl or not.
> This has been implemented by introducing a new {{native_transport_port_ssl}} config option.

> There would be three scenarios:
> * client encryption disabled, {{native_transport_port}} unencrypted, {{native_transport_port_ssl}} not used
> * client encryption enabled, {{native_transport_port_ssl}} not set, {{native_transport_port}}
> * client encryption enabled, {{native_transport_port_ssl}} set, {{native_transport_port}} unencrypted, {{native_transport_port_ssl}} encrypted
> This approach would keep configuration behavior fully backwards compatible.
> Patch proposal: [Branch|], [Diff cassandra-3.0|], [Patch against cassandra-3.0|]
> DTest: [Branch|], [Diff master|], [Pull Request|]

This message was sent by Atlassian JIRA
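
Added example, not part of the original message or of the Cassandra dtest code: the dtest fix in the comment above swaps a JKS keystore for a certificate file in `ca_certs`. This Python pre-flight check classifies a trust file by its leading bytes and refuses anything that is not PEM, the format Python's `ssl` module expects for a CA file. The helper names and the sample bytes are constructed for illustration.

```python
import ssl

JKS_MAGIC = b"\xfe\xed\xfe\xed"              # header of a Java KeyStore file
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample inputs (no real key material, the PEM body is a placeholder).
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00\x00\x00\x00"
SAMPLE_PEM = PEM_MARKER + b"\nAAAA\n-----END CERTIFICATE-----\n"


def trust_file_format(data):
    """Classify trust-anchor bytes as 'jks', 'pem', 'der' or 'unknown'."""
    if data.startswith(JKS_MAGIC):
        return "jks"
    if PEM_MARKER in data:
        return "pem"
    if data[:1] == b"\x30":                   # ASN.1 SEQUENCE tag: likely DER
        return "der"
    return "unknown"


def build_ssl_opts(path):
    """Return an ssl_opts dict, refusing files that cannot serve as ca_certs."""
    with open(path, "rb") as fh:
        fmt = trust_file_format(fh.read())
    if fmt != "pem":
        raise ValueError("%s is %s; ca_certs needs PEM certificates" % (path, fmt))
    return {"ca_certs": path}


def python_ssl_loads(path):
    """True if the ssl module can load the file as CA certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
        return True
    except ssl.SSLError:                      # e.g. a JKS file: no PEM block found
        return False
```

Calling `build_ssl_opts` in test setup turns a keystore/certificate mix-up into an immediate, readable error instead of a handshake failure later in the run.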
