I see now that this is too new: https://issues.apache.org/jira/browse/CASSANDRA-1567 and that it's scheduled for the 0.8 release.
Is it right to assume the following from the accepted patch:

1. Keystore and truststore passwords are kept in clear text in the cassandra.yaml?
2. It's all or nothing when it comes to inter-node communication over SSL? Meaning, nodes that are part of the ring that aren't configured will start to fail if the configuration isn't changed?
3. I only want to encrypt data from region 1 <--> region 2 where a VPN is not possible... data communication in the same rack, for example, is on a private network and shouldn't be encrypted (except when it's EC2 ... I think it should be encrypted). This is not possible at the moment ... is there a plan for the future?

I do appreciate any feedback and don't mean this to come across in a negative way. Just trying to understand how far off it is from being compliant in a security sense...

-sd

On Tue, Mar 22, 2011 at 9:21 AM, Sasha Dolgy <sdo...@gmail.com> wrote:
> Hi,
>
> Is there documentation available anywhere that describes how one can
> use org.apache.cassandra.security.streaming.* ? After the EC2 posts
> yesterday, one question I was asked was about the security of data
> being shifted between nodes. Is it done in clear text, or
> encrypted..? I haven't seen anything to suggest that it's encrypted,
> but see in the source that security.streaming does leverage SSL ...
>
> Thanks in advance for some pointers to documentation.
>
> Also, for anyone who is using SSL .. how much of a performance impact
> have you noticed? Is it minimal or significant?