zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Dimayuga <ian.dimay...@microsoft.com>
Subject RE: Question about Secure Port in 3.5.1
Date Fri, 17 Jul 2015 23:34:37 GMT
Hi Zhuo,

In mixed-mode SSL, the Zookeeper server is started once, but handles requests through both
endpoints. The logic just prevents the second ServerCnxnFactory from trying to start the server
if it's already been started. It doesn't skip the secure endpoint--it will still be opened
as long as a secure port is specified.


-----Original Message-----
From: Zhuo Li [mailto:zuli@linkedin.com.INVALID] 
Sent: Friday, July 17, 2015 4:30 PM
To: user@zookeeper.apache.org
Subject: Question about Secure Port in 3.5.1


I am reading source code of Zookeeper 3.5.1( inside runFromConfig method of
ZooKeeperServerMain.java) and realize that we try to use general port/address first rather
than secure port/address even both of them are set, and if zkServer is started by the general
one, we will skip using the secure one.

My question is why don't we try to use secure port/address first, then try to use the general
one if it fails. I think this will be more secure, right?

And please correct me if I am wrong on this.

View raw message