Hi Zhuo, In mixed-mode SSL, the Zookeeper server is started once, but handles requests through both endpoints. The logic just prevents the second ServerCnxnFactory from trying to start the server if it's already been started. It doesn't skip the secure endpoint--it will still be opened as long as a secure port is specified.
Ian -----Original Message----- From: Zhuo Li [mailto:[email protected]] Sent: Friday, July 17, 2015 4:30 PM To: [email protected] Subject: Question about Secure Port in 3.5.1 Hi, I am reading source code of Zookeeper 3.5.1( inside runFromConfig method of ZooKeeperServerMain.java) and realize that we try to use general port/address first rather than secure port/address even both of them are set, and if zkServer is started by the general one, we will skip using the secure one. My question is why don't we try to use secure port/address first, then try to use the general one if it fails. I think this will be more secure, right? And please correct me if I am wrong on this. Best, Zhuo
