Jai Bheemsen Rao Dhanwada created CASSANDRA-15038:
-----------------------------------------------------

    Summary: Provide an option to Disable Truststore CA check for internode_encryption
    Key: CASSANDRA-15038
    URL: https://issues.apache.org/jira/browse/CASSANDRA-15038
    Project: Cassandra
    Issue Type: Improvement
    Components: Feature/Encryption
    Reporter: Jai Bheemsen Rao Dhanwada

Hello,

The current internode encryption between Cassandra nodes uses a keystore and truststore. However, there are some use cases where users are okay to allow anyone to trust as long as they have a keystore. This requirement is only for encryption but not trusting the identity.

It would be good to have an option to disable the Truststore CA check for the internode_encryption.

In the current cassandra.yaml, there is no way to comment/disable the truststore and truststore password and allow anyone to connect with a certificate.

`conf/.truststore`

{code:java}
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/keystore.jks
    keystore_password: mykeypass
    truststore: /etc/cassandra/truststore.jks
    truststore_password: truststorepass
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false
    # require_endpoint_verification: false
{code}

{noformat}
Caused by: java.io.IOException: Error creating the initializing the SSL Context
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:201) ~[apache-cassandra-3.11.3.jar:3.11.3]
    at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:61) ~[apache-cassandra-3.11.3.jar:3.11.3]
    at org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:708) ~[apache-cassandra-3.11.3.jar:3.11.3]
    ... 8 common frames omitted
Caused by: java.io.FileNotFoundException: conf/.truststore (Permission denied)
    at java.io.FileInputStream.open0(Native Method) ~[na:1.8.0_151]
    at java.io.FileInputStream.open(FileInputStream.java:195) ~[na:1.8.0_151]
    at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[na:1.8.0_151]
    at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[na:1.8.0_151]
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:168) ~[apache-cassandra-3.11.3.jar:3.11.3]
    ... 10 common frames omitted
{noformat}
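
A configuration check for the `server_encryption_options` block quoted in the report, added here as an example (not part of the original message or of Cassandra's code): it reports which settings leave internode links encrypted without authenticating the peer. The sample YAML is constructed, the function names are hypothetical, and the defaults, including the `conf/.truststore` path seen in the stack trace, are assumptions about Cassandra 3.11.

```python
import re

# Constructed sample: the block from the report with the truststore lines commented out.
SAMPLE = """\
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/keystore.jks
    keystore_password: mykeypass
    # truststore: /etc/cassandra/truststore.jks
    # truststore_password: truststorepass
    # require_client_auth: false
    # require_endpoint_verification: false
"""

# Assumed defaults for keys that are absent or commented out.
DEFAULTS = {"internode_encryption": "none", "truststore": "conf/.truststore",
            "require_client_auth": "false", "require_endpoint_verification": "false"}

def parse_block(text, section="server_encryption_options"):
    """Return the active (uncommented) key/value pairs under `section`."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank or comment line
        if not line[0].isspace():                     # top-level key: enter or leave
            inside = line.strip() == section + ":"
            continue
        m = re.match(r"\s+([A-Za-z_]+):\s*(.*?)\s*$", line)
        if inside and m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit(text):
    """List findings about encryption and peer authentication on internode links."""
    active = parse_block(text)
    cfg = {**DEFAULTS, **active}
    if cfg["internode_encryption"] == "none":
        return ["internode traffic is not encrypted"]
    findings = []
    if "truststore" not in active:
        findings.append("truststore not set; default path %s is loaded" % cfg["truststore"])
    if cfg["require_client_auth"] != "true":
        findings.append("require_client_auth off: connecting nodes are not asked for a certificate")
    if cfg["require_endpoint_verification"] != "true":
        findings.append("require_endpoint_verification off: peer host name is not checked")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the constructed block; a block with an explicit truststore and both `require_*` options set to `true` returns none.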