geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Kevo <mario.k...@est.tech>
Subject Re: ssl configuration parameters
Date Fri, 27 Sep 2019 07:20:25 GMT
A correction is needed here, this seems to actually work. The catch is
that if a JmxOperationInvoker is created from a client with a “ssl-
enabled-components” scope broader than the one defined on the locators
and servers, it seems to override it “cluster” scope. Is this behavior
expected?
 

On Thu, 2019-09-26 at 19:21 +0000, Mario Kevo wrote:
> Hi geode dev,
>  
> We would need to clarify the meaning of some ssl configuration
> parameters. When the flag “ssl-enabled-components” is set to
> “cluster”,
> our understanding is that this means geode would enforce SSL only
> between members of the same distributedSystem (same site). This would
> imply that communication between sites (gateway communication and
> site2site locator communication) wouldn’t be encrypted with ssl? Is
> this understanding correct?
>  
> If so, the behavior seems to differ: locator2locator communication
> between 2 sites/distributed systems fails if their certificates
> aren’t
> properly configured, meaning that ssl is still enforced in that
> communication.
> 
> Thanks,
> Mario
Mime
View raw message