[jira] [Updated] (ZOOKEEPER-3388) Allow client port to support plaintext and encrypted connections simultaneously

Sun, 12 May 2019 11:39:34 -0700 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated ZOOKEEPER-3388:
--------------------------------------
    Labels: pull-request-available  (was: )

> Allow client port to support plaintext and encrypted connections 
> simultaneously
> -------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3388
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3388
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.6.0
>            Reporter: Brian Nixon
>            Priority: Minor
>              Labels: pull-request-available
>
> ZOOKEEPER-2125 extended the ZooKeeper server-side to handle encrypted client 
> connections by allowing the server to open a second client port (the secure 
> client port) to manage this new style of traffic. A server is able to handle 
> plaintext and encrypted clients simultaneously by managing each on their 
> respective ports. 
> When it comes time to get all clients connecting to your system to start 
> using encryption, this approach requires that they make two changes 
> simultaneously: altering their client properties to start use the secure 
> settings and altering the routing information that they provide in order to 
> know where to connect with the ensemble. If either is misconfigured then the 
> client is cut off from the ensemble. With a large deployment of clients that 
> are owned by a different teams and different tools, this presents a danger in 
> activating the feature. Ideally, the two changes could be staggered so that 
> first the encryption feature is activated and then the routing information is 
> changed in a subsequent phase.
> Allow the server connection factory managing the regular client port to 
> handle both plaintext and encrypted connections. This will be independent of 
> the operation of the server connection factory managing the secure client 
> port but similar settings ought to apply to both (e.g. cipher suites) to 
> maintain inter compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to