Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9333A18099 for ; Fri, 9 Oct 2015 17:42:15 +0000 (UTC) Received: (qmail 70906 invoked by uid 500); 9 Oct 2015 17:42:06 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 70876 invoked by uid 500); 9 Oct 2015 17:42:05 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 70860 invoked by uid 99); 9 Oct 2015 17:42:05 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Oct 2015 17:42:05 +0000 Date: Fri, 9 Oct 2015 17:42:05 +0000 (UTC) From: "Jeremiah Jordan (JIRA)" To: commits@cassandra.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CASSANDRA-9220) Hostname verification for node-to-node encryption MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14950842#comment-14950842 ] Jeremiah Jordan commented on CASSANDRA-9220: -------------------------------------------- Should we add it commented out to the client_encryption_options? This patch doesn't set this on Thrift server SSL connections. Those changes would go in o.a.c.t.CustomTThreadPoolServer if we care. > Hostname verification for node-to-node encryption > ------------------------------------------------- > > Key: CASSANDRA-9220 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9220 > Project: Cassandra > Issue Type: New Feature > Components: Core > Reporter: Stefan Podkowinski > Assignee: Stefan Podkowinski > Fix For: 3.x > > Attachments: sslhostverification-2.0.patch > > > This patch will will introduce a new ssl server option: {{require_endpoint_verification}}. > Setting it will enable hostname verification for inter-node SSL communication. This is necessary to prevent man-in-the-middle attacks when building a trust chain against a common CA. See [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for background details. > Clusters that solely rely on importing all node certificates into each trust store (as described [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html]) are not effected. > Clusters that use the same common CA to sign node certificates are potentially affected. In case the CA signing process will allow other parties to generate certs for different purposes, those certificates could in turn be used for MITM attacks. The provided patch will allow to enable hostname verification to make sure not only to check if the cert is valid but also if it has been created for the host that we're about to connect. > Corresponding dtest: [Test for CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237] > Github: > 2.0 -> [diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification], [patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch], > Trunk -> [diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification], [patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch] > Related patches from the client perspective: [Java|https://datastax-oss.atlassian.net/browse/JAVA-716], [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296] -- This message was sent by Atlassian JIRA (v6.3.4#6332)