cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Brown (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10404) Node to Node encryption transitional mode
Date Fri, 27 Oct 2017 17:12:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222694#comment-16222694
] 

Jason Brown commented on CASSANDRA-10404:
-----------------------------------------

I've updated the yaml and NEWS with what I think is pertinent enough information. I'm thinking
about putting a full treatment of the changes/implications for SSL use into the security doc
(will open a ticket for it).

In other related news, reading through the yaml's {{server_encryption_options}}, there's reference
to to FIPS-140 support via JDK configuration. I didn't know this was a thing until I read
that, and apparently there's some precedent in the project for using it (or at least reporting
when we broke it: CASSANDRA-6613). For the scope of this ticket, I'm going to leave the comment
in the yaml as-is. Independently, I'll do some research and testing to see if CASSANDRA-8457
indeed still supports FIPS mode; will also chat with the netty maintainers, as well. If CASSANDRA-8457
and the updated SSL support (via either JDK or openssl) via netty broke FIPS support, I'll
open a new ticket and fix it there.


> Node to Node encryption transitional mode
> -----------------------------------------
>
>                 Key: CASSANDRA-10404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Tom Lewis
>            Assignee: Jason Brown
>             Fix For: 4.x
>
>
> Create a transitional mode for encryption that allows encrypted and unencrypted traffic
node-to-node during a change over to encryption from unencrypted. This alleviates downtime
during the switch.
>  This is similar to CASSANDRA-10559 which is intended for client-to-node



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message