[
https://issues.apache.org/jira/browse/CASSANDRA-15262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17101924#comment-17101924
]
Joey Lynch commented on CASSANDRA-15262:
----------------------------------------
Alright CI runs for:
*
[trunk|https://app.circleci.com/pipelines/github/jolynch/cassandra/14/workflows/e8af29fd-1232-43cf-85ad-f7539e16b301],
only two unrelated dtest failures.
*
[2.2|https://app.circleci.com/pipelines/github/jolynch/cassandra/16/workflows/e8b14e66-80fd-4574-9acd-9740e44dbd15]
has some errors, will double check they're unrelated
*
[3.0|https://app.circleci.com/pipelines/github/jolynch/cassandra/15/workflows/be9286c2-cb73-4ff2-9db2-394ee2251d6f]
has some errors, will double check they're unrelated.
I think this patch is ready for review. I've put code comments indicating where
we need to do more refactoring in the future tickets (specifically splitting
these classes and changing the names to be sensible, e.g. require_client_auth
is just odd in server options, but let's defer that work to beta or rc).
[~benedict] or [~e.dimitrova] please let me know if you have any feedback on
the patch (and dtest patch) as is.
> server_encryption_options is not backwards compatible with 3.11
> ---------------------------------------------------------------
>
> Key: CASSANDRA-15262
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15262
> Project: Cassandra
> Issue Type: Bug
> Components: Local/Config
> Reporter: Joey Lynch
> Assignee: Joey Lynch
> Priority: Normal
> Fix For: 4.0, 4.0-alpha
>
>
> The current `server_encryption_options` configuration options are as follows:
> {noformat}
> server_encryption_options:
> # set to true for allowing secure incoming connections
> enabled: false
> # If enabled and optional are both set to true, encrypted and unencrypted
> connections are handled on the storage_port
> optional: false
> # if enabled, will open up an encrypted listening socket on
> ssl_storage_port. Should be used
> # during upgrade to 4.0; otherwise, set to false.
> enable_legacy_ssl_storage_port: false
> # on outbound connections, determine which type of peers to securely
> connect to. 'enabled' must be set to true.
> internode_encryption: none
> keystore: conf/.keystore
> keystore_password: cassandra
> truststore: conf/.truststore
> truststore_password: cassandra
> # More advanced defaults below:
> # protocol: TLS
> # store_type: JKS
> # cipher_suites:
> [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
> # require_client_auth: false
> # require_endpoint_verification: false
> {noformat}
> A couple of issues here:
> 1. optional defaults to false, which will break existing TLS configurations
> for (from what I can tell) no particularly good reason
> 2. The provided protocol and cipher suites are not good ideas (in particular
> encouraging anyone to use CBC ciphers is a bad plan
> I propose that before the 4.0 cut we fixup server_encryption_options and even
> client_encryption_options :
> # Change the default {{optional}} setting to true. As the new Netty code
> intelligently decides to open a TLS connection or not this is the more
> sensible default (saves operators a step while transitioning to TLS as well)
> # Update the defaults to what netty actually defaults to
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
