[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeremy Hanna updated CASSANDRA-9220:
Labels: security (was: )
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
>Priority: Major
> Labels: security
> Fix For: 3.6
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Related patches from the client perspective:
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Stupp updated CASSANDRA-9220:
Resolution: Fixed
Fix Version/s: (was: 3.x)
3.6
Status: Resolved (was: Patch Available)
+1
Thanks!
Committed as c9c9c42263f1d477e45e9c2053bc1bbedc08bf8e to trunk
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
> Fix For: 3.6
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Related patches from the client perspective:
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Podkowinski updated CASSANDRA-9220:
--
Attachment: (was: sslhostverification-2.0.patch)
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
> Fix For: 3.x
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Related patches from the client perspective:
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Podkowinski updated CASSANDRA-9220:
--
Description:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Corresponding dtest: [Test for
CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
was:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Corresponding dtest: [Test for
CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
Github:
2.0 ->
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk ->
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
> Fix For: 3.x
>
> Attachments: sslhostverification-2.0.patch
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Related patches from the client
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tyler Hobbs updated CASSANDRA-9220:
---
Reviewer: Robert Stupp (was: Tyler Hobbs)
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
> Fix For: 3.x
>
> Attachments: sslhostverification-2.0.patch
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Github:
> 2.0 ->
> [diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
>
> [patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
> Trunk ->
> [diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
>
> [patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
> Related patches from the client perspective:
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-9220:
Reviewer: Tyler Hobbs (was: Brandon Williams)
> Hostname verification for node-to-node encryption
> -
>
> Key: CASSANDRA-9220
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
>Reporter: Stefan Podkowinski
>Assignee: Stefan Podkowinski
> Fix For: 3.x
>
> Attachments: sslhostverification-2.0.patch
>
>
> This patch will will introduce a new ssl server option:
> {{require_endpoint_verification}}.
> Setting it will enable hostname verification for inter-node SSL
> communication. This is necessary to prevent man-in-the-middle attacks when
> building a trust chain against a common CA. See
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
> background details.
> Clusters that solely rely on importing all node certificates into each trust
> store (as described
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
> are not effected.
> Clusters that use the same common CA to sign node certificates are
> potentially affected. In case the CA signing process will allow other parties
> to generate certs for different purposes, those certificates could in turn be
> used for MITM attacks. The provided patch will allow to enable hostname
> verification to make sure not only to check if the cert is valid but also if
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Github:
> 2.0 ->
> [diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
>
> [patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
> Trunk ->
> [diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
>
> [patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
> Related patches from the client perspective:
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Ellis updated CASSANDRA-9220:
--
Reviewer: Brandon Williams
Assignee: Stefan Podkowinski
Hostname verification for node-to-node encryption
-
Key: CASSANDRA-9220
URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
Project: Cassandra
Issue Type: New Feature
Components: Core
Reporter: Stefan Podkowinski
Assignee: Stefan Podkowinski
Fix For: 3.x
Attachments: sslhostverification-2.0.patch
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL
communication. This is necessary to prevent man-in-the-middle attacks when
building a trust chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are
potentially affected. In case the CA signing process will allow other parties
to generate certs for different purposes, those certificates could in turn be
used for MITM attacks. The provided patch will allow to enable hostname
verification to make sure not only to check if the cert is valid but also if
it has been created for the host that we're about to connect.
Corresponding dtest: [Test for
CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philip Thompson updated CASSANDRA-9220:
---
Fix Version/s: 3.0
Hostname verification for node-to-node encryption
-
Key: CASSANDRA-9220
URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
Project: Cassandra
Issue Type: New Feature
Components: Core
Reporter: Stefan Podkowinski
Fix For: 3.0
Attachments: sslhostverification-2.0.patch
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL
communication. This is necessary to prevent man-in-the-middle attacks when
building a trust chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are
potentially affected. In case the CA signing process will allow other parties
to generate certs for different purposes, those certificates could in turn be
used for MITM attacks. The provided patch will allow to enable hostname
verification to make sure not only to check if the cert is valid but also if
it has been created for the host that we're about to connect.
Corresponding dtest: [Test for
CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Podkowinski updated CASSANDRA-9220:
--
Description:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Corresponding dtest: [Test for
CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
was:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
Hostname verification for node-to-node encryption
-
Key: CASSANDRA-9220
URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
Project: Cassandra
Issue Type: New Feature
Components: Core
Reporter: Stefan Podkowinski
Attachments: sslhostverification-2.0.patch
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL
communication. This is necessary to prevent man-in-the-middle attacks when
building a trust chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are
potentially affected. In case the CA signing process will allow other parties
to generate certs for different purposes, those certificates could in turn be
used for MITM attacks. The provided patch will allow to enable hostname
verification
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Podkowinski updated CASSANDRA-9220:
--
Attachment: sslhostverification-2.0.patch
Hostname verification for node-to-node encryption
-
Key: CASSANDRA-9220
URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
Project: Cassandra
Issue Type: New Feature
Components: Core
Reporter: Stefan Podkowinski
Attachments: sslhostverification-2.0.patch
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL
communication. This is necessary to prevent man-in-the-middle attacks when
building a trust chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are
potentially affected. In case the CA signing process will allow other parties
to generate certs for different purposes, those certificates could in turn be
used for MITM attacks. The provided patch will allow to enable hostname
verification to make sure not only to check if the cert is valid but also if
it has been created for the host that we're about to connect.
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-9220) Hostname verification for node-to-node encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Podkowinski updated CASSANDRA-9220:
--
Description:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
was:
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL communication.
This is necessary to prevent man-in-the-middle attacks when building a trust
chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are potentially
affected. In case the CA signing process will allow other parties to generate
certs for different purposes, those certificates could in turn be used for MITM
attacks. The provided patch will allow to enable hostname verification to make
sure not only to check if the cert is valid but also if it has been created for
the host that we're about to connect.
Related patches from the client perspective:
[Java|https://datastax-oss.atlassian.net/browse/JAVA-716],
[Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]
Hostname verification for node-to-node encryption
-
Key: CASSANDRA-9220
URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
Project: Cassandra
Issue Type: New Feature
Components: Core
Reporter: Stefan Podkowinski
Attachments: sslhostverification-2.0.patch
This patch will will introduce a new ssl server option:
{{require_endpoint_verification}}.
Setting it will enable hostname verification for inter-node SSL
communication. This is necessary to prevent man-in-the-middle attacks when
building a trust chain against a common CA. See
[here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for
background details.
Clusters that solely rely on importing all node certificates into each trust
store (as described
[here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
are not effected.
Clusters that use the same common CA to sign node certificates are
potentially affected. In case the CA signing process will allow other parties
to generate certs for different purposes, those certificates could in turn be
used for MITM attacks. The provided patch will allow to enable hostname
verification to make sure not only to check if the cert is valid but also if
it has been created for the host that we're about to connect.
Github:
2.0 -
[diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
[patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
Trunk -
[diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
