cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Stupp (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-8751) C* should always listen to both ssl/non-ssl ports
Date Fri, 06 Nov 2015 21:28:11 GMT


Robert Stupp commented on CASSANDRA-8751:

It is possible to accept both SSL and non-SSL traffic using the same server socket as done
in CASSANDRA-10559. Could be easily done with CASSANDRA-8457 in the same way as CASSANDRA-10559
but maybe with some additional checks that _for example_ enforce encrypted and maybe certificate
authenticated for intra-DC traffic.

> C* should always listen to both ssl/non-ssl ports
> -------------------------------------------------
>                 Key: CASSANDRA-8751
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Minh Do
>            Assignee: Minh Do
>            Priority: Critical
>             Fix For: 3.x
> Since there is always one thread dedicated on server socket listener and it does not
use much resource, we should always have these two listeners up no matter what users set for
> The reason behind this is that we need to switch back and forth between different internode_encryption
modes and we need C* servers to keep running in transient state or during mode switching.
 Currently this is not possible.
> For example, we have a internode_encryption=dc cluster in a multi-region AWS environment
and want to set internode_encryption=all by rolling restart C* nodes.  However, the node with
internode_encryption=all does not open to listen to non-ssl port.  As a result, we have a
splitted brain cluster here.

This message was sent by Atlassian JIRA

View raw message