Hi all, The core work for TLS in the HBase RPC is mostly complete. With what's been committed so far, one can connect end-to-end with TLS between client/server and server/server. By default, we also enable mTLS (clients and servers validate the certificate and hostname at handshake).
Here is a list of all TLS related work so far (finished and remaining): https://issues.apache.org/jira/browse/HBASE-26666?jql=project%20%3D%20HBASE%20AND%20labels%20%3D%20tls As we now have the basic functionality done, I wanted to discuss what the release criteria should be. We had originally discussed releasing this in 2.6.0, which Andrew proposed tentatively planning for mid-December. Beyond the code being well tested with unit tests, I've also deployed this end-to-end in a basic test cluster in my company's environment. I deployed it to an existing cluster in a rolling fashion based on the steps described in Andor's documentation [1]. I will be out most of October, but when I return in November I hope to start deploying this on some production clusters after backporting to our main fork. What else would people like to see before including in a release, and would anyone be willing to give some testing a try themselves?
