[
https://issues.apache.org/jira/browse/CASSANDRA-5290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134242#comment-15134242
]
Hannu Kröger commented on CASSANDRA-5290:
-----------------------------------------
Is this still valid?
> Refactor inter-node SSL support to make it possible enable without total
> cluster downtime
> -----------------------------------------------------------------------------------------
>
> Key: CASSANDRA-5290
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5290
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Marcus Eriksson
> Priority: Minor
>
> should be possible by doing something similar to what compression does today:
> * node A connects to node B, indicating that it wants SSL
> * node A and B upgrade/wrap sockets
> * node B must still be able to talk to A (and all other nodes) without SSL
> nothing secret is shared during hand shake phase
> one difference compared to compression is that after the cluster is rolled
> there must be a way to not allow any non-ssl talk at all to avoid any
> plaintext-communication due to configuration mistakes. this should be doable
> via configuration and perhaps JMX
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
