Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A07D817E09 for ; Fri, 4 Sep 2015 13:23:46 +0000 (UTC) Received: (qmail 49828 invoked by uid 500); 4 Sep 2015 13:23:46 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 49796 invoked by uid 500); 4 Sep 2015 13:23:46 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 49782 invoked by uid 99); 4 Sep 2015 13:23:46 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Sep 2015 13:23:46 +0000 Date: Fri, 4 Sep 2015 13:23:46 +0000 (UTC) From: "Robert Stupp (JIRA)" To: commits@cassandra.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CASSANDRA-9590) Support for both encrypted and unencrypted native transport connections MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730823#comment-14730823 ] Robert Stupp commented on CASSANDRA-9590: ----------------------------------------- Ok, I've reset "my" branch to your branch and rebased against current 3.0 branch. Let's see what cassci says. > Support for both encrypted and unencrypted native transport connections > ----------------------------------------------------------------------- > > Key: CASSANDRA-9590 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9590 > Project: Cassandra > Issue Type: Improvement > Components: Core > Reporter: Stefan Podkowinski > Assignee: Stefan Podkowinski > Fix For: 2.1.x > > Attachments: nosetest_output.txt > > > Enabling encryption for native transport currently turns SSL exclusively on or off for the opened socket. Migrating from plain to encrypted requires to migrate all native clients as well and redeploy all of them at the same time after starting the SSL enabled Cassandra nodes. > This patch would allow to start Cassandra with both an unencrypted and ssl enabled native port. Clients can connect to either, based whether they support ssl or not. > This has been implemented by introducing a new {{native_transport_port_ssl}} config option. > There would be three scenarios: > * client encryption disabled, {{native_transport_port}} unencrypted, {{native_transport_port_ssl}} not used > * client encryption enabled, {{native_transport_port_ssl}} not set, {{native_transport_port}} encrypted > * client encryption enabled, {{native_transport_port_ssl}} set, {{native_transport_port}} unencrypted, {{native_transport_port_ssl}} encrypted > This approach would keep configuration behavior fully backwards compatible. > Patch proposal: [Branch|https://github.com/spodkowinski/cassandra/tree/cassandra-9590], [Diff cassandra-3.0|https://github.com/apache/cassandra/compare/cassandra-3.0...spodkowinski:cassandra-9590], [Patch against cassandra-3.0|https://github.com/apache/cassandra/compare/cassandra-3.0...spodkowinski:cassandra-9590.patch] > DTest: [Branch|https://github.com/spodkowinski/cassandra-dtest/tree/cassandra-9590], [Diff master|https://github.com/riptano/cassandra-dtest/compare/master...spodkowinski:cassandra-9590], [Pull Request|https://github.com/riptano/cassandra-dtest/pull/530] -- This message was sent by Atlassian JIRA (v6.3.4#6332)