Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-16719

Allow for transitioning from using one SSLContextFactory implementation to another

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 4.x
    • Messaging/Internode
    • None
    • Operability
    • Normal
    • All
    • None

    Description

      With CASSANDRA-16666 providing pluggable SSLContext, this ticket is to provide mechanics for being able to transparently transition from using one SSLContext implementation to another.

      As indicated in https://issues.apache.org/jira/browse/CASSANDRA-16666?focusedCommentId=17358655&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17358655,
      one could do the following on their cluster for moving from say Implementation1 to Implementation2
      Stage #1: Current state of being only Implementation1 aware. Use keystore and trustmanager of implementation1
      Stage #2: Start trusting both implementation1 and implementation2. Use keystore of implementation1, but use trustmanager of both implementation1 and implementation2 (using MultiTrustManagerFactory) (and perform a rolling restart of the cluster)
      Stage #3: Start using implementation2 for keystore, and perform a rolling restart of the cluster
      Stage #4: At this point, all nodes of the cluster are using implementation2 for keystore, but trust both implementation1 and implementation2, and we can now remove implementation1 from trustmanagers, and do a rolling restart.

      Attachments

        Issue Links

          Activity

            People

              sumanth.pasupuleti Sumanth Pasupuleti
              sumanth.pasupuleti Sumanth Pasupuleti
              Sumanth Pasupuleti
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: