[jira] [Created] (CASSANDRA-15262) server_encryption_options is not backwards compatible with 3.11

Tue, 06 Aug 2019 15:00:28 -0700 

Joseph Lynch created CASSANDRA-15262:
----------------------------------------

             Summary: server_encryption_options is not backwards compatible 
with 3.11
                 Key: CASSANDRA-15262
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15262
             Project: Cassandra
          Issue Type: Bug
          Components: Local/Config
            Reporter: Joseph Lynch
            Assignee: Joseph Lynch


The current `server_encryption_options` configuration options are as follows:
{noformat}
server_encryption_options:
    # set to true for allowing secure incoming connections
    enabled: false
    # If enabled and optional are both set to true, encrypted and unencrypted 
connections are handled on the storage_port
    optional: false
    # if enabled, will open up an encrypted listening socket on 
ssl_storage_port. Should be used
    # during upgrade to 4.0; otherwise, set to false.
    enable_legacy_ssl_storage_port: false
    # on outbound connections, determine which type of peers to securely 
connect to. 'enabled' must be set to true.
    internode_encryption: none
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra
    # More advanced defaults below:
    # protocol: TLS
    # store_type: JKS
    # cipher_suites: 
[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false
    # require_endpoint_verification: false
{noformat}

A couple of issues here:
1. optional defaults to false, which will break existing TLS configurations for 
(from what I can tell) no particularly good reason
2. The provided protocol and cipher suites are not good ideas (in particular 
encouraging anyone to use CBC ciphers is a bad plan

I propose that before the 4.0 cut we fixup server_encryption_options and even 
client_encryption_options :
# Change the default {{optional}} setting to true. As the new Netty code 
intelligently decides to open a TLS connection or not this is the more sensible 
default (saves operators a step while transitioning to TLS as well)
# Update the defaults to what netty actually defaults to



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to