[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacek Lewandowski updated CASSANDRA-11532:
------------------------------------------
    Status: Patch Available  (was: In Progress)

> CqlConfigHelper requires both truststore and keystore to work with SSL encryption
> ---------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-11532
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jacek Lewandowski
>            Assignee: Jacek Lewandowski
>         Attachments: CASSANDRA_11532.patch
>
>
> {{CqlConfigHelper}} configures SSL in the following way:
> {code:java}
>     public static Optional<SSLOptions> getSSLOptions(Configuration conf)
>     {
>         Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
>         Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
>         Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
>         Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
>         Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);
>
>         if (truststorePath.isPresent() && keystorePath.isPresent() &&
>             truststorePassword.isPresent() && keystorePassword.isPresent())
>         {
>             SSLContext context;
>             try
>             {
>                 context = getSSLContext(truststorePath.get(), truststorePassword.get(),
>                                         keystorePath.get(), keystorePassword.get());
>             }
>             catch (UnrecoverableKeyException | KeyManagementException |
>                    NoSuchAlgorithmException | KeyStoreException |
>                    CertificateException | IOException e)
>             {
>                 throw new RuntimeException(e);
>             }
>             String[] css = null;
>             if (cipherSuites.isPresent())
>                 css = cipherSuites.get().split(",");
>             return Optional.of(JdkSSLOptions.builder()
>                                             .withSSLContext(context)
>                                             .withCipherSuites(css)
>                                             .build());
>         }
>         return Optional.absent();
>     }
> {code}
> which forces you to connect only to trusted nodes and client authentication.
> This should be made more flexible so that at least client authentication is
> optional.
-- This message was sent by Atlassian JIRA (v6.3.4#6332)
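
One way to build the `SSLContext` with either store optional, as an added example (not Cassandra's code and not the attached CASSANDRA_11532.patch). The class `FlexibleSslContext` and its methods are hypothetical, it uses `java.util.Optional` instead of the Guava `Optional` in the quoted snippet, and it assumes JKS stores.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Optional;
import javax.net.ssl.*;

// Hypothetical helper: added illustration, not Cassandra code and not the attached patch.
public final class FlexibleSslContext
{
    // Loads a JKS store; a path without a password (or the reverse) is rejected
    // instead of silently yielding "no SSL", as the all-or-nothing check does.
    private static Optional<KeyStore> load(Optional<String> path, Optional<String> password) throws Exception
    {
        if (path.isPresent() != password.isPresent())
            throw new IllegalArgumentException("store path and password must be set together");
        if (!path.isPresent())
            return Optional.empty();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path.get())))
        {
            ks.load(in, password.get().toCharArray());
        }
        return Optional.of(ks);
    }

    public static SSLContext build(Optional<String> truststorePath, Optional<String> truststorePassword,
                                   Optional<String> keystorePath, Optional<String> keystorePassword) throws Exception
    {
        TrustManager[] tms = null; // null: JVM default trust store is used, verification stays on
        Optional<KeyStore> ts = load(truststorePath, truststorePassword);
        if (ts.isPresent())
        {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts.get());
            tms = tmf.getTrustManagers();
        }
        KeyManager[] kms = null; // null: no client certificate is offered (SunJSSE behaviour)
        Optional<KeyStore> ks = load(keystorePath, keystorePassword);
        if (ks.isPresent())
        {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks.get(), keystorePassword.get().toCharArray());
            kms = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);
        return ctx;
    }
}
```

With only a truststore configured this yields server-authenticated TLS without a client certificate, whereas the quoted `getSSLOptions` returns `Optional.absent()` for the same configuration.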