[CASSANDRA-12109] Configuring SSL for JMX connections forces requirement of local truststore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.8
Component/s: Legacy/Observability, Local/Config, Local/Startup and Shutdown
Labels:
- security

Severity:
Normal

Description

In ~~CASSANDRA-10091~~ we changed the way the JMX server is constructed such that this is always done programatically, which gives us control over the authentication and authorization mechanisms. Previously, when LOCAL_JMX=no, Cassandra would allow the JMX setup to be done by the built in JVM agent, which delegates to sun.management.jmxremote.ConnectorBootstrap to do the actual JMX & RMI setup.

This change has introduced a regression when SSL is enabled for JMX connections, namely that now it is not possible to start C* with only the server-side elements of the SSL setup specified. That is, if enabling SSL with com.sun.management.jmxremote.ssl=true, it should only be necessary to specify a keystore (via javax.net.ssl.keyStore), and a truststore should only be necessary if client authentication is also enabled (com.sun.management.jmxremote.ssl.need.client.auth=true).

As it is, C* cannot currently startup without a truststore containing the server's own certificate, which is clearly a bug.

Attachments

Activity

People

Assignee:: Sam Tunnicliffe

Reporter:: Sam Tunnicliffe

Authors:: Sam Tunnicliffe

Reviewers:: T Jake Luciani

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Jun/16 11:08

Updated:: 16/Apr/19 09:30

Resolved:: 20/Jul/16 12:13