Hi Ben, Thanks for confirming what I saw occur. The Datastax drivers don't play very nicely with Twisted Python so connection pooling is inconsistent and makes always-on TLS a no-go performance-wise. The encryption overhead isn't the problem, it's the build-up of the TLS session for every connection when connection pooling is not working as needed. That said it is still beneficial to be able to enforce TLS for remote access...MySQL allows you to enforce TLS on a per-user basis for example.
If someone has been successful not wrapping the Datastax drivers in deferToThread calls when using Twisted I'd appreciate insight on how you got that working because its pretty much undocumented. -J On Tue, Apr 19, 2016 at 11:46 PM, Ben Bromhead <b...@instaclustr.com> wrote: > Hi Jason > > If you enable encryption it will be always on. Optional encryption is > generally a bad idea (tm). Also always creating a new session every query > is also a bad idea (tm) even without the minimal overhead of encryption. > > If you are really hell bent on doing this you could have a node that is > part of the cluster but has -Dcassandra.join_ring=false set in jvm > options in cassandra-env.sh so it does not get any data and configure > that to have no encryption enabled. This is known as a fat client. Then > connect to that specific node whenever you want to do terrible non > encrypted things. > > Having said all that, please don't do this. > > Cheers > > On Tue, 19 Apr 2016 at 15:32 Jason J. W. Williams < > jasonjwwilli...@gmail.com> wrote: > >> Hey Guys, >> >> Is there a way to make TLS encryption optional for the CQL listener? We'd >> like to be able to use for remote management connections but not for same >> datacenter usage (since the build/up tear down cost is too high for things >> that don't use pools). >> >> Right now it appears if we enable encryption it requires it for all >> connections, which definitely is not what we want. >> >> -J >> > -- > Ben Bromhead > CTO | Instaclustr <https://www.instaclustr.com/> > +1 650 284 9692 > Managed Cassandra / Spark on AWS, Azure and Softlayer >
