[
https://issues.apache.org/jira/browse/CASSANDRA-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14710953#comment-14710953
]
Robert Stupp commented on CASSANDRA-9590:
-----------------------------------------
For 2.1 or trunk? (fixver is 2.1, but patch's against trunk)
> Support for both encrypted and unencrypted native transport connections
> -----------------------------------------------------------------------
>
> Key: CASSANDRA-9590
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9590
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Stefan Podkowinski
> Fix For: 2.1.x
>
>
> Enabling encryption for native transport currently turns SSL exclusively on
> or off for the opened socket. Migrating from plain to encrypted requires to
> migrate all native clients as well and redeploy all of them at the same time
> after starting the SSL enabled Cassandra nodes.
> This patch would allow to start Cassandra with both an unencrypted and ssl
> enabled native port. Clients can connect to either, based whether they
> support ssl or not.
> This has been implemented by introducing a new {{native_transport_port_ssl}}
> config option.
> There would be three scenarios:
> * client encryption disabled: native_transport_port unencrypted, port_ssl not
> used
> * client encryption enabled, port_ssl not set: encrypted native_transport_port
> * client encryption enabled and port_ssl set: native_transport_port
> unencrypted, port_ssl encrypted
> This approach would keep configuration behavior fully backwards compatible.
> Patch proposal (tests will be added later in case people will speak out in
> favor for the patch):
> [Diff
> trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl],
>
> [Patch against
> trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl.patch]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
