[ https://issues.apache.org/jira/browse/CASSANDRA-17367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams reassigned CASSANDRA-17367:
--------------------------------------------
Assignee: Dmitry Potepalov (was: Brandon Williams)
> sstableloader ignores streaming encryption settings
> ---------------------------------------------------
>
> Key: CASSANDRA-17367
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17367
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Dmitry Potepalov
> Assignee: Dmitry Potepalov
> Priority: Normal
> Fix For: 4.0.x, 4.x
>
> Attachments: 17367-4.0.txt, 17367-trunk.txt
>
>
> Reproducible in Cassandra 4.x. If one configures encryption for streaming in
> the config yaml fed to sstableloader like this:
> {{server_encryption_options:}}
> {{ internode_encryption: all}}
> {{ keystore: sstableloader.keystore.p12}}
> {{ keystore_password: changeit}}
> {{ truststore: sstableloader.truststore.jks}}
> {{ truststore_password: changeit}}
> then sstableloader should perform an SSL handshake on the streaming
> connections and encrypt the payload. But this does not happen. Judging by the
> tcpdump of the outgoing traffic on the internode port, sstableloader sends
> plaintext traffic. This is the TCP payload of the first packet that
> sstableloader sends after establishing the TCP connection:
> {{ca 55 2d fa 0c 0c 0c 08 06 0a f0 01 f9 1b 58 a8 32 f2 d0}}
> The first 4 bytes look like Cassandra protocol magic, not like a client hello.
> I've discovered the issue while trying to migrate some data to a Cassandra 4
> listening on the legacy ssl storage port (therefore, accepting only encrypted
> connections on that port). The streaming phase of the migration failed with a
> "connection closed" error, which hints that the connection was closed
> server-side.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
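
The check the report performs by eye on the first captured payload, written out as an added example (not part of the ticket or of Cassandra's code). The magic value is taken from the first four bytes quoted in the report; the ClientHello sample is constructed, and the function name is hypothetical.

```python
import struct

# First four bytes of the payload quoted in the report, which the reporter
# identifies as Cassandra protocol magic.
CASSANDRA_MAGIC = bytes.fromhex("ca552dfa")

TLS_HANDSHAKE = 0x16          # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello
TLS_MAX_RECORD = 2**14 + 2048  # largest record length any TLS version permits

# Payload exactly as quoted in the report.
REPORTED = "ca 55 2d fa 0c 0c 0c 08 06 0a f0 01 f9 1b 58 a8 32 f2 d0"
# Constructed sample: TLS record header (handshake, version 3.1, length 0x0200)
# followed by the start of a ClientHello handshake message.
CONSTRUCTED_HELLO = "16 03 01 02 00 01 00 01 fc 03 03"


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server TCP payload of a streaming connection."""
    if payload[:4] == CASSANDRA_MAGIC:
        # Application protocol sent directly on the socket: no TLS in use.
        return "plaintext-cassandra"
    if len(payload) < 6:
        # Need the 5-byte record header plus the handshake type byte.
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if (ctype == TLS_HANDSHAKE and major == 0x03 and minor <= 0x04
            and 0 < length <= TLS_MAX_RECORD
            and payload[5] == TLS_CLIENT_HELLO):
        return "tls-client-hello"
    return "unknown"


if __name__ == "__main__":
    for name, dump in (("reported", REPORTED), ("constructed", CONSTRUCTED_HELLO)):
        print(name, classify_first_payload(bytes.fromhex(dump)))
```
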