Date: Fri, 17 Jul 2015 17:00:38 -0700
Subject: Re: Question about Secure Port in 3.5.1
From: Zhuo Li
To: user@zookeeper.apache.org

Hi Ian,

Oh, I see, which means, if both secure and not secure port/address are configured, we still create a factory and configure it for both of them, but we will skip the zkServer creation for the second one.

Thank you so much for the response.

Best,
Zhuo

On Fri, Jul 17, 2015 at 4:34 PM, Ian Dimayuga wrote:

> Hi Zhuo,
>
> In mixed-mode SSL, the ZooKeeper server is started once, but handles
> requests through both endpoints. The logic just prevents the second
> ServerCnxnFactory from trying to start the server if it's already been
> started. It doesn't skip the secure endpoint--it will still be opened as
> long as a secure port is specified.
>
> Ian
>
> -----Original Message-----
> From: Zhuo Li [mailto:zuli@linkedin.com.INVALID]
> Sent: Friday, July 17, 2015 4:30 PM
> To: user@zookeeper.apache.org
> Subject: Question about Secure Port in 3.5.1
>
> Hi,
>
> I am reading the source code of ZooKeeper 3.5.1 (inside the runFromConfig
> method of ZooKeeperServerMain.java) and realize that we try to use the general
> port/address first rather than the secure port/address even if both of them are
> set, and if zkServer is started by the general one, we will skip using the
> secure one.
>
> My question is why don't we try to use the secure port/address first, then try
> to use the general one if it fails. I think this will be more secure, right?
>
> And please correct me if I am wrong on this.
>
> Best,
> Zhuo
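
As an added example (not part of the thread and not ZooKeeper's own code), this Python sketch reads a zoo.cfg and lists the client endpoints that would be opened, following the behaviour Ian describes: the general endpoint is set up first and starts the server, and the secure endpoint is still opened and reuses it. The sample config is constructed, the function names are hypothetical, and the keys assumed are `clientPort`, `clientPortAddress`, `secureClientPort` and `secureClientPortAddress`.

```python
# Added example: a model of the startup order discussed in this thread.
# Constructed sample zoo.cfg; simplified key=value parsing only.
SAMPLE_CFG = """\
# constructed sample
tickTime=2000
dataDir=/var/lib/zookeeper
clientPort=2181
secureClientPort=2281
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def plan_listeners(cfg):
    """List endpoints in the order the thread describes (general, then secure).
    Only the first configured endpoint starts the server; the other reuses it."""
    listeners, server_started = [], False
    for port_key, addr_key, secure in (
        ("clientPort", "clientPortAddress", False),
        ("secureClientPort", "secureClientPortAddress", True),
    ):
        if port_key not in cfg:
            continue
        listeners.append({
            "address": cfg.get(addr_key, "*"),  # "*" = wildcard bind (assumed default)
            "port": int(cfg[port_key]),
            "secure": secure,
            "starts_server": not server_started,
        })
        server_started = True
    return listeners

def audit(cfg_text):
    """Return (mode, listeners). 'mixed' means a plaintext port is open beside TLS."""
    listeners = plan_listeners(parse_cfg(cfg_text))
    has_plain = any(not l["secure"] for l in listeners)
    has_tls = any(l["secure"] for l in listeners)
    mode = {(True, True): "mixed", (False, True): "secure-only",
            (True, False): "plaintext-only", (False, False): "no-client-port"}
    return mode[(has_plain, has_tls)], listeners

if __name__ == "__main__":
    mode, listeners = audit(SAMPLE_CFG)
    print(mode)
    for l in listeners:
        print(l)
```

A result of `mixed` means unencrypted clients can still connect on the general port, regardless of which endpoint started the server.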