cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Podkowinski (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-10404) Node to Node encryption transitional mode
Date Mon, 09 Oct 2017 13:53:00 GMT


Stefan Podkowinski commented on CASSANDRA-10404:

bq. As I explained in the previous comment, this is the trickiest part of this patch. The
upgraded node, after it bounces, must have at least one 3.0 node connect to it

1) Would it make sense to fallback to {{SystemKeyspace.getReleaseVersion(ep)}} in case we
don't have the version available through gossip? The method seems to be dead code by now,
but the "peers" table is still being updated.

bq. Maybe we can add another property under the server_encryption_options, something like
enable_legacy_ssl_storage_port. That would also clean up MessagingService#listen a little
bit. wdyt?

2) Having that flag next to the new {{enabled}} flag should work. The yaml file needs attention
during upgrade anyways. So if you upgrade from 3.0 with ssl enabled, you'd have to set both
"enabled: true" and  "enable_legacy_ssl_storage_port: true" in your config.

3) Hostname verification: I've pushed a commit [here|]
that will honor the {{require_endpoint_verification}} flag for incoming connections.

4) If we want to avoid potential attacks with invalid or stolen certificates, we should also
enable {{require_client_auth}} by default. This should not cause any issues, as the truststores
need to be managed for outgoing connections anyways. So why not validate incoming connections
as well?

> Node to Node encryption transitional mode
> -----------------------------------------
>                 Key: CASSANDRA-10404
>                 URL:
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Tom Lewis
>            Assignee: Jason Brown
>             Fix For: 4.x
> Create a transitional mode for encryption that allows encrypted and unencrypted traffic
node-to-node during a change over to encryption from unencrypted. This alleviates downtime
during the switch.
>  This is similar to CASSANDRA-10559 which is intended for client-to-node

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message