[jira] [Comment Edited] (CASSANDRA-17513) Add new property to pass keystore for outbound connections

Thu, 14 Apr 2022 18:31:20 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522461#comment-17522461
 ] 

Maulin Vasavada edited comment on CASSANDRA-17513 at 4/15/22 1:30 AM:
----------------------------------------------------------------------

Hi [~Jyothsnakonisa] Based on what you are saying, you seem to clearly 
understand client/server encryption options. However I fail to understand your 
challenge. Do you want to be able to configure different keystores for each 
server node?

If you are thinking that you want two different keystores for each server node 
- 1) for sending a server cert and 2) for sending the client cert, I would +1 
Brandon's question - What would be your motivation to do that? In my experience 
I've never seen such a setup. It makes total sense to say - Hey my server node 
has Identity-A and that is what I use to send to my client to trust me as well 
as when I am the client, I would use that to-be trusted by the receiver.


was (Author: maulin.vasavada):
Hi [~Jyothsnakonisa] Based on what you are saying, you seem to clearly 
understand client/server encryption options. However I fail to understand your 
challenge. Do you want to be able to configure different keystores for each 
server node?

> Add new property to pass keystore for outbound connections
> ----------------------------------------------------------
>
>                 Key: CASSANDRA-17513
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17513
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jyothsna Konisa
>            Assignee: Jyothsna Konisa
>            Priority: Normal
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Same keystore is being set for both Inbound and outbound connections but we 
> should use a keystore with server certificate for Inbound connections and a 
> keystore with client certificates for outbound connections. So we should add 
> a new property in Cassandra.yaml to pass outbound keystore and use it in 
> SSLContextFactory for creating outbound SSL context.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to