zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zhuo Li <z...@linkedin.com.INVALID>
Subject Re: Question about Secure Port in 3.5.1
Date Sat, 18 Jul 2015 00:00:38 GMT
Hi Ian,

Oh, I see, which means, if both secure and not secure port/address are
configured, we still create factory and config it for both of them, but we
will skip the zkServer creation for the second one.

Thank you so much for the response.

Best,
Zhuo

On Fri, Jul 17, 2015 at 4:34 PM, Ian Dimayuga <ian.dimayuga@microsoft.com>
wrote:

> Hi Zhuo,
>
> In mixed-mode SSL, the Zookeeper server is started once, but handles
> requests through both endpoints. The logic just prevents the second
> ServerCnxnFactory from trying to start the server if it's already been
> started. It doesn't skip the secure endpoint--it will still be opened as
> long as a secure port is specified.
>
> Ian
>
> -----Original Message-----
> From: Zhuo Li [mailto:zuli@linkedin.com.INVALID]
> Sent: Friday, July 17, 2015 4:30 PM
> To: user@zookeeper.apache.org
> Subject: Question about Secure Port in 3.5.1
>
> Hi,
>
> I am reading source code of Zookeeper 3.5.1( inside runFromConfig method of
> ZooKeeperServerMain.java) and realize that we try to use general
> port/address first rather than secure port/address even both of them are
> set, and if zkServer is started by the general one, we will skip using the
> secure one.
>
> My question is why don't we try to use secure port/address first, then try
> to use the general one if it fails. I think this will be more secure, right?
>
> And please correct me if I am wrong on this.
>
> Best,
> Zhuo
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message