[jira] [Commented] (GEODE-1372) Geode UDP communications are not secure when SSL is configured

Thu, 19 May 2016 12:28:36 -0700 

    [ 
https://issues.apache.org/jira/browse/GEODE-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291992#comment-15291992
 ] 

ASF subversion and git services commented on GEODE-1372:
--------------------------------------------------------

Commit a28b223a60c9ede73776cca245c9f650b4db66c1 in incubator-geode's branch 
refs/heads/feature/GEODE-1372 from [~bschuchardt]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;h=a28b223 ]

GEODE-1372 Geode UDP communications are not secure when SSL is configured

This branch contains Diffe Hellman encoding of UDP communications in Geode
using the encryption scheme that is already available for client/server
communications.  The current implementation uses security-client-dhalgo
to enable encryption.

Membership views hold the public keys of peers.  GMSEncrypt is a new
object that is held by JGroupsMessenger and is used to perform the
encryption/decryption.

GMSJoinLeave is modified to send a new member's public key to the
membership coordinator.  The coordinator sends its public key back prior
to announcing the new membership view with the new member.  This should
be changed to have the coordinator's public key be sent to the joining
member and the coordinator should get the new member's public key from
a locator as well.

GMSEncrypt needs to be changed to record time spent encrypting and
decrypting in DistributionStats as well as the number of encryptions/decryptions
performed.


> Geode UDP communications are not secure when SSL is configured
> --------------------------------------------------------------
>
>                 Key: GEODE-1372
>                 URL: https://issues.apache.org/jira/browse/GEODE-1372
>             Project: Geode
>          Issue Type: New Feature
>          Components: membership
>            Reporter: Bruce Schuchardt
>            Assignee: Hitesh Khamesra
>
> Gemfire servers use UDP requests to communicate membership views, suspect 
> processing and other information. When gemfire SSL is enabled, only the TCP 
> requests are encrypted and UDP requests are not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to