[jira] [Commented] (CASSANDRA-9590) Support for both encrypted and unencrypted native transport connections

Mon, 15 Jun 2015 04:38:35 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14585813#comment-14585813
 ] 

Mike Adamson commented on CASSANDRA-9590:
-----------------------------------------

[~spod] TLS is a transport layer protocol so would be implemented by the native 
protocol handler. The encryption is negotiated after the socket connection is 
made using a STARTTLS request by the client. If the client doesn't request TLS 
it can carry on communicating without encryption. 

> Support for both encrypted and unencrypted native transport connections
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-9590
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9590
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Stefan Podkowinski
>
> Enabling encryption for native transport currently turns SSL exclusively on 
> or off for the opened socket. Migrating from plain to encrypted requires to 
> migrate all native clients as well and redeploy all of them at the same time 
> after starting the SSL enabled Cassandra nodes. 
> This patch would allow to start Cassandra with both an unencrypted and ssl 
> enabled native port. Clients can connect to either, based whether they 
> support ssl or not.
> This has been implemented by introducing a new {{native_transport_port_ssl}} 
> config option. 
> There would be three scenarios:
> * client encryption disabled: native_transport_port unencrypted, port_ssl not 
> used
> * client encryption enabled, port_ssl not set: encrypted native_transport_port
> * client encryption enabled and port_ssl set: native_transport_port 
> unencrypted, port_ssl encrypted
> This approach would keep configuration behavior fully backwards compatible.
> Patch proposal (tests will be added later in case people will speak out in 
> favor for the patch):
> [Diff 
> trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl],
>  
> [Patch against 
> trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl.patch]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to