zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abraham Fine (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-236) SSL Support for Atomic Broadcast protocol
Date Fri, 31 Mar 2017 22:48:41 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951741#comment-15951741
] 

Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

So I think it would be tough to table Hostname Verification as without it I think we are left
with something relatively insecure.

So if customers provide IPs alternative names can be specified as IPs so hostname verification
should still work. DNS requires a reverse lookup, but I think that is fine if users are choosing
to rely on DNS.

I uploaded a new revision with some integration style tests. I know I still need to add tests
for OCSP. The tests still require plenty of refactoring and the timeout is way to long, but
they are working. Let me know what additional tests we should add.

Abe

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic between
ZooKeeper servers. For the most part this is a very easy change. We would probably only want
to support this for TCP based leader elections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message