zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Nixon (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-3388) Allow client port to support plaintext and encrypted connections simultaneously
Date Sun, 12 May 2019 18:38:00 GMT
Brian Nixon created ZOOKEEPER-3388:
--------------------------------------

             Summary: Allow client port to support plaintext and encrypted connections simultaneously
                 Key: ZOOKEEPER-3388
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3388
             Project: ZooKeeper
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.6.0
            Reporter: Brian Nixon


ZOOKEEPER-2125 extended the ZooKeeper server-side to handle encrypted client connections by
allowing the server to open a second client port (the secure client port) to manage this new
style of traffic. A server is able to handle plaintext and encrypted clients simultaneously
by managing each on their respective ports. 

When it comes time to get all clients connecting to your system to start using encryption,
this approach requires that they make two changes simultaneously: altering their client properties
to start use the secure settings and altering the routing information that they provide in
order to know where to connect with the ensemble. If either is misconfigured then the client
is cut off from the ensemble. With a large deployment of clients that are owned by a different
teams and different tools, this presents a danger in activating the feature. Ideally, the
two changes could be staggered so that first the encryption feature is activated and then
the routing information is changed in a subsequent phase.

Allow the server connection factory managing the regular client port to handle both plaintext
and encrypted connections. This will be independent of the operation of the server connection
factory managing the secure client port but similar settings ought to apply to both (e.g.
cipher suites) to maintain inter compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message