Stefan Podkowinski created CASSANDRA-9590:
---------------------------------------------

             Summary: Support for both encrypted and unencrypted native transport connections
                 Key: CASSANDRA-9590
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9590
             Project: Cassandra
          Issue Type: Improvement
          Components: Core
            Reporter: Stefan Podkowinski


Enabling encryption for native transport currently turns SSL exclusively on or 
off for the opened socket. Migrating from plain to encrypted requires migrating 
all native clients as well and redeploying all of them at the same time 
after starting the SSL-enabled Cassandra nodes. 

This patch would allow starting Cassandra with both an unencrypted and an 
SSL-enabled native port. Clients can connect to either, based on whether they 
support SSL or not.

This has been implemented by introducing a new {{native_transport_port_ssl}} 
config option. 
There would be three scenarios:
* client encryption disabled: native_transport_port unencrypted, port_ssl not used
* client encryption enabled, port_ssl not set: encrypted native_transport_port
* client encryption enabled and port_ssl set: native_transport_port unencrypted, port_ssl encrypted

This approach would keep configuration behavior fully backwards compatible.

Patch proposal (tests will be added later if people speak out in favor of the 
patch):
[Diff trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl], 
[Patch against trunk|https://github.com/apache/cassandra/compare/trunk...spodkowinski:feat/optionalnativessl.patch]




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
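
The three scenarios listed in the issue, as an added example that is not part of the original message or the proposed patch: a small audit helper that reports which native ports on each node would still accept plaintext clients during a migration. The dict layout mirrors cassandra.yaml keys; the node names, the 9142 port value and the helper names are constructed for illustration.

```python
DEFAULT_NATIVE_PORT = 9042  # Cassandra's default native_transport_port


def resolve_listeners(cfg):
    """Return [(port, encrypted)] per the three scenarios in the issue."""
    enabled = bool(cfg.get("client_encryption_options", {}).get("enabled", False))
    port = cfg.get("native_transport_port", DEFAULT_NATIVE_PORT)
    port_ssl = cfg.get("native_transport_port_ssl")
    if not enabled:
        # Scenario 1: encryption disabled, port_ssl is not used at all.
        return [(port, False)]
    if port_ssl is None:
        # Scenario 2: encryption enabled, single encrypted port.
        return [(port, True)]
    # Scenario 3: both ports open, the standard port stays unencrypted.
    return [(port, False), (port_ssl, True)]


def classify(cfg):
    """Label a node as 'plaintext-only', 'dual' or 'tls-only'."""
    modes = {enc for _, enc in resolve_listeners(cfg)}
    if modes == {False}:
        return "plaintext-only"
    return "tls-only" if modes == {True} else "dual"


def plaintext_exposure(nodes):
    """Map node name -> list of ports that still accept unencrypted clients."""
    report = {}
    for name, cfg in nodes.items():
        ports = [p for p, enc in resolve_listeners(cfg) if not enc]
        if ports:
            report[name] = ports
    return report


# Constructed sample fleet, one node per scenario.
NODES = {
    "node-a": {"client_encryption_options": {"enabled": False},
               "native_transport_port_ssl": 9142},
    "node-b": {"client_encryption_options": {"enabled": True}},
    "node-c": {"client_encryption_options": {"enabled": True},
               "native_transport_port_ssl": 9142},
}

if __name__ == "__main__":
    for name, cfg in NODES.items():
        print(name, classify(cfg), resolve_listeners(cfg))
    print("plaintext still reachable on:", plaintext_exposure(NODES))
```

Once every client has moved to the encrypted port, a node reported as "dual" is the signal that the plaintext listener is still open and the second scenario's configuration has not yet been applied.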
