[
https://issues.apache.org/jira/browse/CASSANDRA-10404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972394#comment-15972394
]
Stefan Podkowinski commented on CASSANDRA-10404:
------------------------------------------------
bq. I'm imagining that for 4.0 we still need both storage_port and
ssl_storage_port in place to support cluster upgrades. Upgraded nodes will be
smart enough to connect on the storage_port (which will be intelligent to
figure out if the connection is TLS or not). Unupgraded nodes can still connect
on the legacy port (as we'll need to listen on it, as well).
Looks like {{MessagingService.portFor(secure)}} would have to check the peer's
version in that case (or probably solved differently after CASSANDRA-7544).
Maybe we should also allow to set ssl_storage_port to same value as
storage_port to prevent opening the obsolete ssl socket in first place for
already upgraded clusters.
Needs to be covered in NEWS.txt in any case.
> Node to Node encryption transitional mode
> -----------------------------------------
>
> Key: CASSANDRA-10404
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10404
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Tom Lewis
> Assignee: Jason Brown
>
> Create a transitional mode for encryption that allows encrypted and
> unencrypted traffic node-to-node during a change over to encryption from
> unencrypted. This alleviates downtime during the switch.
> This is similar to CASSANDRA-10559 which is intended for client-to-node
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
