István Fajth created HDDS-15817:
-----------------------------------

             Summary: Apply configured gRPC TLS provider, protocols, and cipher 
suites to Ratis endpoints
                 Key: HDDS-15817
                 URL: https://issues.apache.org/jira/browse/HDDS-15817
             Project: Apache Ozone
          Issue Type: Improvement
    Affects Versions: 2.3.0
            Reporter: István Fajth
            Assignee: István Fajth


Ozone exposes {{hdds.grpc.tls.provider}}, {{hdds.grpc.tls.protocols}}, and 
{{hdds.grpc.tls.ciphers}}, and already applies them to its directly-managed 
gRPC servers (the datanode data path, container replication, inter-SCM, and the 
OM S3 gateway). The Ratis-fronted endpoints, however — the SCM, OM, and 
datanode Raft servers and their clients — ignore these settings. As a result, 
operators can harden the TLS protocol versions, cipher suites, and SSL provider 
on most of Ozone's gRPC surface but not on the Raft ports, which stay on 
provider defaults.

This task wires the existing {{hdds.grpc.tls.*}} settings into the TLS 
configuration Ozone hands to Ratis, so that the Raft server, client, admin, and 
data-stream endpoints enforce the same provider, protocol, and cipher policy as 
the rest of the gRPC servers. No new configuration keys are added, and behavior 
is unchanged when the settings are left unset.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to