[jira] [Resolved] (CASSANDRA-5290) Refactor inter-node SSL support to make it possible enable without total cluster downtime

Jason Brown (JIRA) Wed, 23 Aug 2017 15:18:57 -0700

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-5290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jason Brown resolved CASSANDRA-5290.
------------------------------------
    Resolution: Duplicate

> Refactor inter-node SSL support to make it possible enable without total 
> cluster downtime
> -----------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-5290
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5290
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Marcus Eriksson
>            Priority: Minor
>
> should be possible by doing something similar to what compression does today:
> * node A connects to node B, indicating that it wants SSL
> * node A and B upgrade/wrap sockets
> * node B must still be able to talk to A (and all other nodes) without SSL
> nothing secret is shared during hand shake phase
> one difference compared to compression is that after the cluster is rolled 
> there must be a way to not allow any non-ssl talk at all to avoid any 
> plaintext-communication due to configuration mistakes. this should be doable 
> via configuration and perhaps JMX



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Resolved] (CASSANDRA-5290) Refactor inter-node SSL support to make it possible enable without total cluster downtime

Reply via email to