Brian Nixon created ZOOKEEPER-3388:
--------------------------------------

             Summary: Allow client port to support plaintext and encrypted connections simultaneously
                 Key: ZOOKEEPER-3388
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3388
             Project: ZooKeeper
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.6.0
            Reporter: Brian Nixon


ZOOKEEPER-2125 extended the ZooKeeper server-side to handle encrypted client 
connections by allowing the server to open a second client port (the secure 
client port) to manage this new style of traffic. A server is able to handle 
plaintext and encrypted clients simultaneously by managing each on their 
respective ports. 

When it comes time to get all clients connecting to your system to start using 
encryption, this approach requires that they make two changes simultaneously: 
altering their client properties to start using the secure settings and altering 
the routing information that they provide in order to know where to connect 
with the ensemble. If either is misconfigured then the client is cut off from 
the ensemble. With a large deployment of clients that are owned by 
teams and different tools, this presents a danger in activating the feature. 
Ideally, the two changes could be staggered so that first the encryption 
feature is activated and then the routing information is changed in a 
subsequent phase.

Allow the server connection factory managing the regular client port to handle 
both plaintext and encrypted connections. This will be independent of the 
operation of the server connection factory managing the secure client port but 
similar settings ought to apply to both (e.g. cipher suites) to maintain 
inter-compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
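
The proposal above requires the regular client port to tell plaintext and encrypted connections apart. One way to do that, shown as an added example (not code from ZooKeeper or from the issue reporter), is to peek at the first bytes of each new connection and look for a TLS record header. The function names, the 1 MiB frame bound, the handling of four-letter admin commands and the sample bytes are assumptions made for illustration.

```python
import struct
from collections import Counter

TLS_HANDSHAKE = 0x16             # TLS record content type: handshake
MAX_TLS_RECORD = 2**14 + 2048    # largest legal TLS record body (RFC 5246)
MAX_ZK_FRAME = 1024 * 1024       # assumed sanity bound for a plaintext frame


def classify_first_bytes(buf: bytes) -> str:
    """Classify bytes peeked (not consumed) from a new connection as
    'tls', 'plaintext', 'need_more' or 'reject'."""
    if not buf:
        return "need_more"
    if buf[0] == TLS_HANDSHAKE:
        # A plaintext frame starting with 0x16 would claim a length of at
        # least 0x16000000 bytes, so this byte alone rules out plaintext.
        if len(buf) < 5:
            return "need_more"   # a TLS record header is 5 bytes
        _, major, minor, rec_len = struct.unpack(">BBBH", buf[:5])
        ok = major == 3 and minor <= 4 and 0 < rec_len <= MAX_TLS_RECORD
        return "tls" if ok else "reject"
    if len(buf) < 4:
        return "need_more"
    head = buf[:4]
    (frame_len,) = struct.unpack(">I", head)
    if 0 < frame_len <= MAX_ZK_FRAME:
        return "plaintext"       # 4-byte big-endian length prefix
    if head.isalpha() and head.islower():
        return "plaintext"       # assumed: four-letter admin command
    return "reject"              # neither protocol: drop the connection


def migration_tally(peeked: dict) -> Counter:
    """Count connection kinds across clients to track the rollout."""
    return Counter(classify_first_bytes(b) for b in peeked.values())


# Constructed sample input: first bytes seen from four hypothetical peers.
SAMPLES = {
    "client-a": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc",  # TLS ClientHello
    "client-b": struct.pack(">I", 45) + bytes(45),        # plaintext frame
    "client-c": b"ruok",                                  # admin command
    "scanner": b"GET / HTTP/1.1\r\n",                     # unrelated protocol
}

if __name__ == "__main__":
    print(dict(migration_tally(SAMPLES)))
```

A port that accepts both kinds of traffic still accepts plaintext, so the plaintext count in the tally is the number to drive to zero before the routing change in the second phase.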
