cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Brown (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-10404) Node to Node encryption transitional mode
Date Fri, 27 Oct 2017 17:12:00 GMT


Jason Brown commented on CASSANDRA-10404:

I've updated the yaml and NEWS with what I think is pertinent enough information. I'm thinking
about putting a full treatment of the changes/implications for SSL use into the security doc
(will open a ticket for it).

In other related news, reading through the yaml's {{server_encryption_options}}, there's reference
to to FIPS-140 support via JDK configuration. I didn't know this was a thing until I read
that, and apparently there's some precedent in the project for using it (or at least reporting
when we broke it: CASSANDRA-6613). For the scope of this ticket, I'm going to leave the comment
in the yaml as-is. Independently, I'll do some research and testing to see if CASSANDRA-8457
indeed still supports FIPS mode; will also chat with the netty maintainers, as well. If CASSANDRA-8457
and the updated SSL support (via either JDK or openssl) via netty broke FIPS support, I'll
open a new ticket and fix it there.

> Node to Node encryption transitional mode
> -----------------------------------------
>                 Key: CASSANDRA-10404
>                 URL:
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Tom Lewis
>            Assignee: Jason Brown
>             Fix For: 4.x
> Create a transitional mode for encryption that allows encrypted and unencrypted traffic
node-to-node during a change over to encryption from unencrypted. This alleviates downtime
during the switch.
>  This is similar to CASSANDRA-10559 which is intended for client-to-node

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message