[CASSANDRA-7528] certificate not validated for internode SSL encryption. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.0.10, 2.1 rc4
Component/s: None
Labels:
None
Environment:

Amazon Linux on various AWS EC2 instance types.

Description

An expired certificate may be used to encrypt internode communication.

To reproduce, set the server_encryption_options to enable internode encryption. Add the private key to the specified .keystore, and an expired certificate generated using the private key to the specified truststore. The same keys are used far all cassandra nodes in the cluster.

When cassandra is started, it is able to communicate with other cassandra nodes even though the certificate is expired.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

7528.txt
10/Jul/14 13:49
2 kB
Brandon Williams

Activity

People

Assignee:: Brandon Williams

Reporter:: Joseph Clark

Authors:: Brandon Williams

Reviewers:: Jason Brown

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Jul/14 17:11

Updated:: 16/Apr/19 09:31

Resolved:: 10/Jul/14 17:11