John Sanda created CASSANDRA-15132:
--------------------------------------

             Summary: one-way TLS authentication for client encryption is broken
                 Key: CASSANDRA-15132
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15132
             Project: Cassandra
          Issue Type: Bug
          Components: Feature/Encryption
            Reporter: John Sanda


CASSANDRA-14652 caused a regression for client/native transport encryption. It 
broke one-way TLS authentication where only the client authenticates the 
coordinator node's certificate chain. This would be configured in 
cassandra.yaml as such:

{noformat}
client_encryption_options:
  enabled: true
  keystore: /path/to/keystore
  keystore_password: my_keystore_password
  optional: false
  require_client_auth: false
{noformat}

With the changes in CASSANDRA-14652, ServerConnection.java always assumes that 
there will always be a client certificate chain, which will not be the case 
with the above configuration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
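
The failure mode described in the report, as an added example that is not part of the original message and does not reproduce ServerConnection.java. It assumes the client chain is read through JSSE's SSLSession.getPeerCertificates(); the class name, the helper and the stub session are hypothetical and constructed for illustration.

```java
import java.lang.reflect.Proxy;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class OneWayTlsPeerCerts {

    // Hypothetical helper (not Cassandra code): returns the client's chain,
    // or an empty array when the client presented no certificate.
    static Certificate[] clientChainOrEmpty(SSLSession session) {
        try {
            return session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            // Expected with require_client_auth: false. The server is still
            // authenticated to the client, so the connection is valid.
            return new Certificate[0];
        }
    }

    // Constructed stand-in for a server-side session in which the client sent
    // no certificate: JSSE reports that by throwing SSLPeerUnverifiedException.
    static SSLSession sessionWithoutClientCert() {
        return (SSLSession) Proxy.newProxyInstance(
            OneWayTlsPeerCerts.class.getClassLoader(),
            new Class<?>[] { SSLSession.class },
            (proxy, method, args) -> {
                if (method.getName().equals("getPeerCertificates")) {
                    throw new SSLPeerUnverifiedException("peer not authenticated");
                }
                throw new UnsupportedOperationException(method.getName());
            });
    }

    public static void main(String[] args) {
        SSLSession session = sessionWithoutClientCert();

        // Unguarded read: assumes a client chain always exists.
        try {
            session.getPeerCertificates();
            System.out.println("unguarded: chain present");
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("unguarded: " + e.getMessage());
        }

        // Guarded read: one-way TLS yields an empty chain, not a failure.
        Certificate[] chain = clientChainOrEmpty(session);
        System.out.println("guarded: " + chain.length + " client certificate(s)");
    }
}
```

Code that derives an identity from the returned chain should treat the empty array as "no client identity" and fall back to whatever authentication the deployment configures.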
