[jira] [Comment Edited] (CASSANDRA-9220) Hostname verification for node-to-node encryption

Fri, 12 Feb 2016 11:02:55 -0800 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-9220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145056#comment-15145056
 ] 

Tyler Hobbs edited comment on CASSANDRA-9220 at 2/12/16 7:02 PM:
-----------------------------------------------------------------

[[email protected]] should we block this on CASSANDRA-10508, then?

I've also rebased a version of this on trunk: 
https://github.com/thobbs/cassandra/tree/CASSANDRA-9220-trunk-rebase


was (Author: thobbs):
[[email protected]] should we block this on CASSANDRA-10508, then?

> Hostname verification for node-to-node encryption
> -------------------------------------------------
>
>                 Key: CASSANDRA-9220
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9220
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Stefan Podkowinski
>            Assignee: Stefan Podkowinski
>             Fix For: 3.x
>
>         Attachments: sslhostverification-2.0.patch
>
>
> This patch will will introduce a new ssl server option: 
> {{require_endpoint_verification}}. 
> Setting it will enable hostname verification for inter-node SSL 
> communication. This is necessary to prevent man-in-the-middle attacks when 
> building a trust chain against a common CA. See 
> [here|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for 
> background details. 
> Clusters that solely rely on importing all node certificates into each trust 
> store (as described 
> [here|http://docs.datastax.com/en/cassandra/2.0/cassandra/security/secureSSLCertificates_t.html])
>  are not effected. 
> Clusters that use the same common CA to sign node certificates are 
> potentially affected. In case the CA signing process will allow other parties 
> to generate certs for different purposes, those certificates could in turn be 
> used for MITM attacks. The provided patch will allow to enable hostname 
> verification to make sure not only to check if the cert is valid but also if 
> it has been created for the host that we're about to connect.
> Corresponding dtest: [Test for 
> CASSANDRA-9220|https://github.com/riptano/cassandra-dtest/pull/237]
> Github: 
> 2.0 -> 
> [diff|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification],
>  
> [patch|https://github.com/apache/cassandra/compare/cassandra-2.0...spodkowinski:feat/sslhostverification.patch],
> Trunk -> 
> [diff|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification],
>  
> [patch|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/sslhostverification.patch]
> Related patches from the client perspective: 
> [Java|https://datastax-oss.atlassian.net/browse/JAVA-716], 
> [Python|https://datastax-oss.atlassian.net/browse/PYTHON-296]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to