[
https://issues.apache.org/jira/browse/IGNITE-13520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229017#comment-17229017
]
Pavel Pereslegin commented on IGNITE-13520:
-------------------------------------------
[~nizhikov], take a look at these changes.
> Сlient node with a static encrypted cache configuration can generate an
> encryption key when joining.
> ----------------------------------------------------------------------------------------------------
>
> Key: IGNITE-13520
> URL: https://issues.apache.org/jira/browse/IGNITE-13520
> Project: Ignite
> Issue Type: Bug
> Affects Versions: 2.9
> Reporter: Pavel Pereslegin
> Assignee: Pavel Pereslegin
> Priority: Major
> Labels: encryption
> Fix For: 2.10
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Currently, when a client node joins a cluster with a static encrypted cache
> configuration, it generates an encryption key for that cache and sends it to
> the cluster (just like the server node does).
> _SpringEncryptedCacheRestartClientTest_ reproduces this behavior and it is
> unexpected, it happens due to IGNITE-13567 (see
> _GridEncryptionManager#collectJoiningNodeData_).
> The client node should not generate encryption keys and should be able to
> start without configuring EncryptionSPI.
> After doing some research on possible solutions, we decided to reject node
> joining in such a situation, because there is no clean and simple way to
> distribute the same encryption key between server nodes that are already in
> the cluster (we have to either add discovery overhead, block the exchange, or
> add an additional exchange to be able to distribute keys between server nodes
> that are already in the cluster).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
