[jira] [Commented] (CASSANDRA-4662) Core support for Thrift SSL integration

Wed, 19 Sep 2012 10:23:09 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-4662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458869#comment-13458869
 ] 

Vijay commented on CASSANDRA-4662:
----------------------------------

1) IMO the changes to the configuration needs to be done in the major releases 
(changes in encryption option name) so folks will notice NEWS.txt, the default 
is none if they dont read news.txt
2) ThriftSSLFactory is not called anywhere, am i missing something here? If we 
decide to use ThriftSSLFactory is better served within the o.a.c.thrift (not 
sure if we need a seperate class for this though)
3)
{code}
        int clientTimeout = 10000;
{code}
Should be RPC Timeout, if you look at the thrift source it is client 
SoTimeout... 
Traditionally we dont set SoTimeout in the server for the client connections 
(You might want to follow the same, because the other parts of cassandra will 
timeout just after the socket timeout and the client will not receive the 
Operation timeout).
4)
{code}
# this client encryption will only apply if you set rpc_server_type = sync.
{code}
Why?

Other concern have is either we support SSL or not, which is kind of hard in 
real life there can be clients which might not need encryption enabled, for 
unencrypted ports can be easily blocked via firewall.

It will be easier to review if we have stress modified and have an end to end 
test setup.
                
> Core support for Thrift SSL integration
> ---------------------------------------
>
>                 Key: CASSANDRA-4662
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4662
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: Core
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>             Fix For: 1.1.6
>
>         Attachments: 
> 0001-CASSANDRA-4662.-Core-work-of-adding-thrift-ssl-suppo.patch
>
>
> Ticket to separate out the changes to yaml and cassandra/thrift code for the 
> thrift SSL integration. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to