[
https://issues.apache.org/jira/browse/CASSANDRA-16719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sumanth Pasupuleti updated CASSANDRA-16719:
-------------------------------------------
Description:
With CASSANDRA-16666 providing pluggable SSLContext, this ticket is to provide
mechanics for being able to transparently transition from using one SSLContext
implementation to another.
As indicated in
https://issues.apache.org/jira/browse/CASSANDRA-16666?focusedCommentId=17358655&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17358655,
one could do the following on their cluster for moving from say Implementation1
to Implementation2
Stage #1: Current state of being only Implementation1 aware. Use keystore and
trustmanager of implementation1
Stage #2: Start trusting both implementation1 and implementation2. Use keystore
of implementation1, but use trustmanager of both implementation1 and
implementation2 (using MultiTrustManagerFactory) (and perform a rolling restart
of the cluster)
Stage #3: Start using implementation2 for keystore, and perform a rolling
restart of the cluster
Stage #4: At this point, all nodes of the cluster are using implementation2 for
keystore, but trust both implementation1 and implementation2, and we can now
remove implementation1 from trustmanagers, and do a rolling restart.
was:With CASSANDRA-16666 providing pluggable SSLContext, this ticket is to
provide mechanics for being able to transparently transition from using one
SSLContext implementation to another.
> Allow for transitioning from using one SSLFactory implementation to another
> ---------------------------------------------------------------------------
>
> Key: CASSANDRA-16719
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16719
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Sumanth Pasupuleti
> Assignee: Sumanth Pasupuleti
> Priority: Normal
>
> With CASSANDRA-16666 providing pluggable SSLContext, this ticket is to
> provide mechanics for being able to transparently transition from using one
> SSLContext implementation to another.
> As indicated in
> https://issues.apache.org/jira/browse/CASSANDRA-16666?focusedCommentId=17358655&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17358655,
> one could do the following on their cluster for moving from say
> Implementation1 to Implementation2
> Stage #1: Current state of being only Implementation1 aware. Use keystore and
> trustmanager of implementation1
> Stage #2: Start trusting both implementation1 and implementation2. Use
> keystore of implementation1, but use trustmanager of both implementation1 and
> implementation2 (using MultiTrustManagerFactory) (and perform a rolling
> restart of the cluster)
> Stage #3: Start using implementation2 for keystore, and perform a rolling
> restart of the cluster
> Stage #4: At this point, all nodes of the cluster are using implementation2
> for keystore, but trust both implementation1 and implementation2, and we can
> now remove implementation1 from trustmanagers, and do a rolling restart.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
