[jira] [Commented] (CASSANDRA-9220) Hostname verification for node-to-node encryption

Stefan Podkowinski (JIRA) Tue, 13 Oct 2015 08:29:29 -0700

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955120#comment-14955120
 ]


Stefan Podkowinski commented on CASSANDRA-9220:
-----------------------------------------------

The [corresponding dtest|https://github.com/riptano/cassandra-dtest/pull/237] 
will currently fail on my machine. For some reason it will only succeed after 
adding the SHA256 cipher suite versions to the whitelist in EncryptionOptions. 
I've added some general thoughts on handling those options in CASSANDRA-10508. 

> Hostname verification for node-to-node encryption
> -------------------------------------------------
>
>                 Key: CASSANDRA-9220
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Stefan Podkowinski
>            Assignee: Stefan Podkowinski
>             Fix For: 3.x
>
>         Attachments: sslhostverification-2.0.patch
>
>
> This patch will will introduce a new ssl server option: 
> {{require_endpoint_verification}}. 
> Setting it will enable hostname verification for inter-node SSL 
> communication. This is necessary to prevent man-in-the-middle attacks when 
> building a trust chain against a common CA. See 
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for 
> background details. 
> Clusters that solely rely on importing all node certificates into each trust 
> store (as described 
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
>  are not effected. 
> Clusters that use the same common CA to sign node certificates are 
> potentially affected. In case the CA signing process will allow other parties 
> to generate certs for different purposes, those certificates could in turn be 
> used for MITM attacks. The provided patch will allow to enable hostname 
> verification to make sure not only to check if the cert is valid but also if 
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for 
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Github: 
> 2.0 -> 
> [diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
>  
> [patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
> Trunk -> 
> [diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
>  
> [patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
> Related patches from the client perspective: 
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716], 
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CASSANDRA-9220) Hostname verification for node-to-node encryption

Reply via email to