cassandra-commits mailing list archives

From "Jan Karlsson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-13404) Hostname verification for client-to-node encryption
Date Thu, 06 Apr 2017 12:58:42 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15958876#comment-15958876 ]

Jan Karlsson commented on CASSANDRA-13404:
------------------------------------------

It is good that you made the distinction that MiM is not something that this ticket aims to
solve. Instead, this ticket allows you to bind certificates to certain hosts to make it less
vulnerable. 

Applications which have to worry about rogue clients can use this on top of application-side
authentication as an extra layer of security and have broader control over the clients that
connect to their server. 
{Quote}
I think it was mentioned somewhere that reusing SSLContext instances would be preferable in
the future due to performance reasons. We'd have to change the code to either return a shared
or a newly created instance if we would add this feature. 
{Quote}
Could you elaborate on this? Are we not using the same SSLContext and retrieving the engine
from it?

> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Jan Karlsson
>             Fix For: 4.x
>
>         Attachments: 13404-trunk.txt
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification for client-node connections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
