[ https://issues.apache.org/jira/browse/CASSANDRA-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16844299#comment-16844299 ]

John Sanda commented on CASSANDRA-15132:
----------------------------------------

I pushed a fix at 
https://github.com/jsanda/cassandra/tree/tls-client-auth-patch.

> one-way TLS authentication for client encryption is broken
> ----------------------------------------------------------
>
>                 Key: CASSANDRA-15132
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15132
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Encryption
>            Reporter: John Sanda
>            Priority: Normal
>
> CASSANDRA-14652 caused a regression for client/native transport encryption. 
> It broke one-way TLS authentication where only the client authenticates the 
> coordinator node's certificate chain. This would be configured in 
> cassandra.yaml as such:
> {noformat}
> client_encryption_options:
>   enabled: true
>   keystore: /path/to/keystore
>   keystore_password: my_keystore_password
>   optional: false
>   require_client_auth: false
> {noformat}
> With the changes in CASSANDRA-14652, ServerConnection.java always assumes 
> that there will always be a client certificate chain, which will not be the 
> case with the above configuration.
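
The failure mode described in the issue, as an added example that is not taken from Cassandra or from the linked patch. It assumes the server reads the chain through the standard JSSE call `SSLSession.getPeerCertificates()`, and it uses a pre-handshake session as a stand-in for a connection on which the client sent no certificate; the class and method names are hypothetical.

```java
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added illustration (hypothetical names), not code from ServerConnection.java.
public class OptionalClientChain {
    private static final Certificate[] NO_CHAIN = new Certificate[0];

    // With require_client_auth: false the client may legitimately present no
    // certificate. JSSE reports that case by throwing, not by returning null,
    // so it is mapped to an empty chain instead of failing the connection.
    static Certificate[] clientChainOrEmpty(SSLSession session) {
        try {
            return session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            return NO_CHAIN;
        }
    }

    public static void main(String[] args) throws Exception {
        // Server-side engine configured for one-way TLS (assumption: default
        // context; no handshake is run, so the session carries no peer certs,
        // as it would when the client sends none).
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(false);
        SSLSession session = engine.getSession();

        // Unguarded access: the assumption that a chain is always present.
        try {
            Certificate[] chain = session.getPeerCertificates();
            System.out.println("unguarded: chain length " + chain.length);
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("unguarded: " + e.getMessage());
        }

        // Guarded access: the connection proceeds with an empty chain.
        System.out.println("guarded: chain length "
                + clientChainOrEmpty(session).length);
    }
}
```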


