Details
-
Improvement
-
Status: In Progress
-
Normal
-
Resolution: Unresolved
-
None
-
Operability
-
Normal
-
None
-
Description
We need a way to specify sensitive JMX SSL configuration options to avoid them being easily exposed.
When encrypting the JMX connection the passwords for the key and trust stores must be specified using the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword options respectively in the cassandra-env.sh file. After Cassandra is started it is possible to see the passwords by looking the running process (ps aux | grep "cassandra").
Java 8 has the ability to specify a configuration file that can contain these security sensitive settings using the com.sun.management.config.file argument. However, despite what the documentation (https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf) says, both the com.sun.management.jmxremote and com.sun.management.jmxremote.port arguments need to be defined in the cassandra-env.sh for the JVM to read the contents of the file.
The problem with defining the com.sun.management.jmxremote.port argument is it conflicts with the cassandra.jmx.remote.port argument. Even if the port numbers are different, attempting an encrypted JMX connection using nodetool fails and we see a ConnectException: 'Connection refused (Connection refused)' error.
One possible way to fix this is to introduce a new option that would allow a file to be passed containing the JMX encryption options.
Attachments
Issue Links
- is related to
-
CASSANDRA-13428 Security: provide keystore_password_file and truststore_password_file options
- Open
-
CASSANDRA-11695 Move JMX connection config to cassandra.yaml
- Open
- links to