zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-3388) Allow client port to support plaintext and encrypted connections simultaneously
Date Sun, 12 May 2019 18:39:00 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-3388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

ASF GitHub Bot updated ZOOKEEPER-3388:
--------------------------------------
    Labels: pull-request-available  (was: )

> Allow client port to support plaintext and encrypted connections simultaneously
> -------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3388
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3388
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.6.0
>            Reporter: Brian Nixon
>            Priority: Minor
>              Labels: pull-request-available
>
> ZOOKEEPER-2125 extended the ZooKeeper server-side to handle encrypted client connections
by allowing the server to open a second client port (the secure client port) to manage this
new style of traffic. A server is able to handle plaintext and encrypted clients simultaneously
by managing each on their respective ports. 
> When it comes time to get all clients connecting to your system to start using encryption,
this approach requires that they make two changes simultaneously: altering their client properties
to start use the secure settings and altering the routing information that they provide in
order to know where to connect with the ensemble. If either is misconfigured then the client
is cut off from the ensemble. With a large deployment of clients that are owned by a different
teams and different tools, this presents a danger in activating the feature. Ideally, the
two changes could be staggered so that first the encryption feature is activated and then
the routing information is changed in a subsequent phase.
> Allow the server connection factory managing the regular client port to handle both plaintext
and encrypted connections. This will be independent of the operation of the server connection
factory managing the secure client port but similar settings ought to apply to both (e.g.
cipher suites) to maintain inter compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message