Dear Wiki user, You have subscribed to a wiki page or wiki category on "Cassandra Wiki" for change notification.
The "InternodeEncryption" page has been changed by DavidAllsopp: http://wiki.apache.org/cassandra/InternodeEncryption?action=diff&rev1=1&rev2=2 Comment: Added details from cassandra.yaml, and mention of inter-rack encryption Inter-node encryption uses standard TLS/SSL to authenticate and encrypt messages between nodes, to preotect data in transit between nodes, and to prevent unauthorized access to/control of nodes. - Encryption can be applied to all inter-node messages, or just messages crossing from one Datacenter to another. + Encryption can be applied to all inter-node messages, just messages crossing from one rack to another, or just messages crossing from one datacenter to another. This page needs fleshing out... skeleton instructions from https://issues.apache.org/jira/browse/CASSANDRA-3051 are: 1. follow the steps for generating a keystore and a trust store here: http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore - 2. plug those files into encryption_options in cassandra.yaml + 2. plug those files into `encryption_options` in `cassandra.yaml` - 3. make sure encryption_options.internode_encryption = all in the yaml. + 3. make sure `encryption_options.internode_encryption = all` in the yaml. + + See the section at the bottom of `conf/cassandra.yaml`: + + {{{ + # Enable or disable inter-node encryption + # Default settings are TLS v1, RSA 1024-bit keys (it is imperative that + # users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher + # suite for authentication, key exchange and encryption of the actual data transfers. 
+ # NOTE: No custom encryption options are enabled at the moment + # The available internode options are : all, none, dc, rack + # + # If set to dc cassandra will encrypt the traffic between the DCs + # If set to rack cassandra will encrypt the traffic between the racks + # + # The passwords used in these options must match the passwords used when generating + # the keystore and truststore. For instructions on generating these files, see: + # http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore + encryption_options: + internode_encryption: none + keystore: conf/.keystore + keystore_password: cassandra + truststore: conf/.truststore + truststore_password: cassandra + }}} ----
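Review bot: The `cassandra.yaml` excerpt added at the bottom of the page shows `internode_encryption: none` with `keystore_password: cassandra` and `truststore_password: cassandra`, and nothing tells the reader these are the shipped defaults rather than the configuration to copy. That sits awkwardly beside step 3, which says to set `encryption_options.internode_encryption = all`. Suggest a sentence after the `{{{ ... }}}` block saying that the block shows the defaults, that the value has to be changed to `all`, `dc` or `rack` for any traffic to be encrypted, and that both passwords must be replaced with the ones used when the keystore and truststore were generated (the quoted comment itself says users must generate their own keys). Step 3 also still names only `all`, while the reworded introduction now describes rack and datacenter scope as well; listing `dc` and `rack` in step 3 would keep the two in agreement. The unchanged context sentence still contains the typo "preotect", which could be fixed in the same revision.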
