zookeeper-dev mailing list archives

From "Abraham Fine (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-236) SSL Support for Atomic Broadcast protocol
Date Fri, 17 Mar 2017 22:19:42 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15930825#comment-15930825 ]

Abraham Fine commented on ZOOKEEPER-236:

Hi [~geek101]-

bq. Regarding host verification one other way to go is to follow this: X509ExtendedTrustManager
mentions where to plug in host verification, it specifically quotes:

Let me know if this is what you had in mind. We do not need to subclass `X509ExtendedTrustManager`
ourselves to get this to work, since the `X509TrustManagerImpl` object generated by the PKIX
trustmanager factory (and x509 as well I think) extends `X509ExtendedTrustManager` already.
If endpoint verification is set on the sslParameters of the sslSocket we get endpoint verification
for free in `X509ExtendedTrustManager`. The issue is that we are limited to the built-in implementations
of endpoint verification, but I think the "https" algorithm is sufficient for our use case.

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
> We should have the ability to use SSL to authenticate and encrypt the traffic between
> ZooKeeper servers. For the most part this is a very easy change. We would probably only want
> to support this for TCP based leader elections.

This message was sent by Atlassian JIRA
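
The approach described in the comment above, as an added example that is not part of the original message or of ZooKeeper's code: it takes the trust manager produced by the PKIX factory, confirms it is an `X509ExtendedTrustManager`, and enables the built-in "HTTPS" endpoint identification on a socket's `SSLParameters`. The class and method names are hypothetical, and the JRE default trust store is assumed.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical class name; illustrative only, not ZooKeeper code.
public class QuorumEndpointVerification {

    // Returns the X509ExtendedTrustManager produced by the PKIX factory,
    // so no custom subclass is needed. Throws if the provider supplied none.
    static X509ExtendedTrustManager pkixTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore); // null selects the JRE default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                return (X509ExtendedTrustManager) tm;
            }
        }
        throw new IllegalStateException("PKIX factory returned no X509ExtendedTrustManager");
    }

    // Creates an unconnected client socket with endpoint identification enabled.
    // With "HTTPS" set, the socket-aware checkServerTrusted overload also matches
    // the peer certificate against the host the socket connects to, and the
    // handshake fails on a mismatch.
    static SSLSocket newVerifyingSocket(SSLContext ctx) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        X509ExtendedTrustManager tm = pkixTrustManager(null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket socket = newVerifyingSocket(ctx)) {
            // Shows the concrete trust manager class and the configured algorithm.
            System.out.println(tm.getClass().getName());
            System.out.println(socket.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
    }
}
```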
