Jacek Lewandowski created CASSANDRA-11532:
---------------------------------------------

             Summary: CqlConfigHelper requires both truststore and keystore to work with SSL encryption
                 Key: CASSANDRA-11532
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
             Project: Cassandra
          Issue Type: Bug
            Reporter: Jacek Lewandowski
            Assignee: Jacek Lewandowski

{{CqlConfigHelper}} configures SSL in the following way:

{code:java}
    public static Optional<SSLOptions> getSSLOptions(Configuration conf)
    {
        Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
        Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
        Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
        Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
        Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);

        if (truststorePath.isPresent() && keystorePath.isPresent() && truststorePassword.isPresent() && keystorePassword.isPresent())
        {
            SSLContext context;
            try
            {
                context = getSSLContext(truststorePath.get(), truststorePassword.get(), keystorePath.get(), keystorePassword.get());
            }
            catch (UnrecoverableKeyException | KeyManagementException |
                    NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e)
            {
                throw new RuntimeException(e);
            }
            String[] css = null;
            if (cipherSuites.isPresent())
                css = cipherSuites.get().split(",");
            return Optional.of(JdkSSLOptions.builder()
                                            .withSSLContext(context)
                                            .withCipherSuites(css)
                                            .build());
        }
        return Optional.absent();
    }
{code}

which forces you to connect only to trusted nodes and client authentication. This should be made more flexible so that at least client authentication is optional.
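
The flexibility the report asks for, sketched as an added example (not code from the report or from Cassandra): an SSLContext builder in which truststore and keystore are independently optional. The class and method names are hypothetical; with the JDK's default provider an absent keystore means no client certificate is offered, and an absent truststore falls back to the JVM's default trust anchors, so server certificates are still verified.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added illustration; OptionalClientAuthSsl and its methods are hypothetical names.
public final class OptionalClientAuthSsl {

    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Each store is handled on its own: a null path leaves that half at the JDK default.
    public static SSLContext build(String truststorePath, char[] truststorePassword,
                                   String keystorePath, char[] keystorePassword) throws Exception {
        TrustManager[] trustManagers = null; // null => default trust anchors, peers still verified
        if (truststorePath != null) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(truststorePath, truststorePassword));
            trustManagers = tmf.getTrustManagers();
        }

        KeyManager[] keyManagers = null; // null => no client certificate, server-auth TLS only
        if (keystorePath != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keystorePath, keystorePassword), keystorePassword);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // No stores configured: encryption with server verification, no client authentication.
        SSLContext context = build(null, null, null, null);
        System.out.println(context.getProtocol());
    }
}
```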