Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-18508

Sensitive JMX SSL configuration options can be easily exposed

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 5.x
    • Feature/Encryption
    • None
    • Operability
    • Normal
    • None
    • Hide

      Unit tests created for the patch.

      End to end tests carried out and have verified that the fix hides sensitive SSL information from the process output.

      Show
      Unit tests created for the patch. End to end tests carried out and have verified that the fix hides sensitive SSL information from the process output.

    Description

      We need a way to specify sensitive JMX SSL configuration options to avoid them being easily exposed.

      When encrypting the JMX connection the passwords for the key and trust stores must be specified using the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword options respectively in the cassandra-env.sh file. After Cassandra is started it is possible to see the passwords by looking the running process (ps aux | grep "cassandra").

      Java 8 has the ability to specify a configuration file that can contain these security sensitive settings using the com.sun.management.config.file argument. However, despite what the documentation (https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf) says, both the com.sun.management.jmxremote and com.sun.management.jmxremote.port arguments need to be defined in the cassandra-env.sh for the JVM to read the contents of the file.

      The problem with defining the com.sun.management.jmxremote.port argument is it conflicts with the cassandra.jmx.remote.port argument. Even if the port numbers are different, attempting an encrypted JMX connection using nodetool fails and we see a ConnectException: 'Connection refused (Connection refused)' error.

      One possible way to fix this is to introduce a new option that would allow a file to be passed containing the JMX encryption options.

      Attachments

        Issue Links

          Activity

            People

              smiklosovic Stefan Miklosovic
              anthony Anthony Grasso
              Stefan Miklosovic
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: