[CASSANDRA-9590] Support for both encrypted and unencrypted native transport connections - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.0.0 rc1
Component/s: None
Labels:
None

Description

Enabling encryption for native transport currently turns SSL exclusively on or off for the opened socket. Migrating from plain to encrypted requires to migrate all native clients as well and redeploy all of them at the same time after starting the SSL enabled Cassandra nodes.

This patch would allow to start Cassandra with both an unencrypted and ssl enabled native port. Clients can connect to either, based whether they support ssl or not.

This has been implemented by introducing a new native_transport_port_ssl config option.
There would be three scenarios:

client encryption disabled, native_transport_port unencrypted, native_transport_port_ssl not used
client encryption enabled, native_transport_port_ssl not set, native_transport_port encrypted
client encryption enabled, native_transport_port_ssl set, native_transport_port unencrypted, native_transport_port_ssl encrypted

This approach would keep configuration behavior fully backwards compatible.

Patch proposal: Branch, Diff cassandra-3.0, Patch against cassandra-3.0

DTest: Branch, Diff master, Pull Request

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

nosetest_output.txt
03/Sep/15 10:27
0.6 kB
Stefan Podkowinski

Issue Links

is duplicated by

CASSANDRA-7374 Support SSL and non-SSL applications to connect to same Cassandra cluster

Resolved

Activity

People

Assignee:: Stefan Podkowinski

Reporter:: Stefan Podkowinski

Authors:: Stefan Podkowinski

Reviewers:: Robert Stupp

Votes:: 2 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 12/Jun/15 12:05

Updated:: 16/Apr/19 09:31

Resolved:: 05/Sep/15 16:30