cassandra-commits mailing list archives

From "Joey Lynch (Jira)" <>
Subject [jira] [Commented] (CASSANDRA-15262) server_encryption_options is not backwards compatible with 3.11
Date Thu, 07 May 2020 18:03:00 GMT


Joey Lynch commented on CASSANDRA-15262:

Alright CI runs for:
* [trunk|], only two unrelated dtest failures.
* [2.2|] has some errors, will double check they're unrelated.
* [3.0|] has some errors, will double check they're unrelated.

I think this patch is ready for review. I've put code comments indicating where we need to
do more refactoring in future tickets (specifically splitting these classes and changing
the names to be sensible, e.g. require_client_auth is just odd in server options, but let's
defer that work to beta or rc).

[~benedict] or [~e.dimitrova] please let me know if you have any feedback on the patch (and
dtest patch) as is.

> server_encryption_options is not backwards compatible with 3.11
> ---------------------------------------------------------------
>                 Key: CASSANDRA-15262
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Local/Config
>            Reporter: Joey Lynch
>            Assignee: Joey Lynch
>            Priority: Normal
>             Fix For: 4.0, 4.0-alpha
> The current `server_encryption_options` configuration options are as follows:
> {noformat}
> server_encryption_options:
>     # set to true for allowing secure incoming connections
>     enabled: false
>     # If enabled and optional are both set to true, encrypted and unencrypted connections are handled on the storage_port
>     optional: false
>     # if enabled, will open up an encrypted listening socket on ssl_storage_port. Should be used
>     # during upgrade to 4.0; otherwise, set to false.
>     enable_legacy_ssl_storage_port: false
>     # on outbound connections, determine which type of peers to securely connect to. 'enabled' must be set to true.
>     internode_encryption: none
>     keystore: conf/.keystore
>     keystore_password: cassandra
>     truststore: conf/.truststore
>     truststore_password: cassandra
>     # More advanced defaults below:
>     # protocol: TLS
>     # store_type: JKS
>     # require_client_auth: false
>     # require_endpoint_verification: false
> {noformat}
> A couple of issues here:
> 1. optional defaults to false, which will break existing TLS configurations for (from what I can tell) no particularly good reason
> 2. The provided protocol and cipher suites are not good ideas (in particular encouraging anyone to use CBC ciphers is a bad plan)
> I propose that before the 4.0 cut we fix up server_encryption_options and even client_encryption_options
> # Change the default {{optional}} setting to true. As the new Netty code intelligently decides to open a TLS connection or not this is the more sensible default (saves operators a step while transitioning to TLS as well)
> # Update the defaults to what netty actually defaults to
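As an added example (not part of the ticket, the thread, or Cassandra's own code), the following audit reads a flat `server_encryption_options` block and reports the two problems the issue description raises when a 3.11-era block is interpreted with the 4.0 defaults quoted above: `optional` left to its `false` default, `internode_encryption` set without `enabled: true`, and CBC cipher suites. The `cipher_suites` key name and the 3.11-style sample block are assumptions constructed for the example.

```python
# Added audit (not Cassandra code): flag the CASSANDRA-15262 issues against the 4.0 defaults.
DEFAULTS_4_0 = {"enabled": False, "optional": False, "internode_encryption": "none"}

# Constructed 3.11-style block: TLS on, `optional` never set, CBC suites; password is a placeholder.
SAMPLE_3_11 = """\
server_encryption_options:
    internode_encryption: all
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
"""

def parse_encryption_options(yaml_text):
    """Minimal parser for one flat `key: value` block (not general YAML)."""
    opts, inside = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and blanks
        if not line.strip():
            continue
        if not line[0].isspace():                  # top-level key starts/ends the block
            inside = line.strip() == "server_encryption_options:"
        elif inside and ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if value in ("true", "false"):
                value = value == "true"
            elif value.startswith("[") and value.endswith("]"):
                value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
            opts[key] = value
    return opts

def audit(opts):
    """Findings for a block as 4.0 would interpret it (defaults filled in)."""
    merged, findings = {**DEFAULTS_4_0, **opts}, []
    if merged["internode_encryption"] != "none":
        if "optional" not in opts:
            findings.append("optional unset: 4.0 defaults it to false, which the "
                            "ticket says breaks existing TLS configs; set it explicitly")
        if merged["enabled"] is not True:
            findings.append("internode_encryption set but 'enabled' is not true")
    cbc = [s for s in opts.get("cipher_suites", []) if "_CBC_" in s]
    if cbc:
        findings.append("CBC cipher suites configured: " + ", ".join(cbc))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_encryption_options(SAMPLE_3_11)):
        print("-", finding)
```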

This message was sent by Atlassian Jira
