[ https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12919421#action_12919421 ]
Stu Hood commented on CASSANDRA-1567:
-------------------------------------

* For 0001, I would really like to see an {{A(bstract)StreamableSocket}} rather than complete duplication of the Stream classes
* Rather than a boolean, the {{internode_encryption}} setting should probably be an enum, to leave room to add conditional encryption based on zones returned by the snitch
* The SSL settings in JVM_OPTS should be disabled by default, and need a comment linking to a place to get more information about the keystore and truststore files (probably the 'Creating Keystores' section of the link in the description)

Sorry for the long delayed review: Thanks a ton for tackling this!

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
> Key: CASSANDRA-1567
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Nirmal Ranganathan
> Assignee: Nirmal Ranganathan
> Fix For: 0.7.1
>
> Attachments: 0001-Adding-SSL-versions-for-streaming-classes.patch,
> 0002-Configurable-internode-encryption-option.patch,
> 0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is
> to use JSSE
> (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
> to wrap the existing ServerSocket & Sockets. This will only be an optional
> configuration and not enabled by default. The defaults would be TLS V1, RSA
> 1024-bit keys for handshake and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite.
> Although this can be made configurable if the need arises.
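The enum suggestion in the review comment above, shown as an added example; it is not part of the attached patches or of the Cassandra code base. The class name, the three policy values and the zone strings are assumptions made for illustration, since the page only names the {{internode_encryption}} setting and zones returned by the snitch.

```java
import java.util.Locale;

// Added illustration with hypothetical names; not Cassandra's API.
public class InternodeEncryptionExample {

    /** Policy values are assumptions: the review only asks for "an enum". */
    enum InternodeEncryption {
        NONE, ALL, CROSS_ZONE;

        /** Parse the config value. Unknown strings are rejected, never read as "off". */
        static InternodeEncryption parse(String raw) {
            if (raw == null || raw.trim().isEmpty())
                return NONE; // the feature is optional and not enabled by default
            try {
                return valueOf(raw.trim().toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(
                        "invalid internode_encryption value: " + raw);
            }
        }

        /** Decide per connection from the zones reported for each end. */
        boolean shouldEncrypt(String localZone, String remoteZone) {
            switch (this) {
                case ALL:
                    return true;
                case NONE:
                    return false;
                default:
                    // CROSS_ZONE: an unknown zone counts as remote, so the link is encrypted.
                    return localZone == null || remoteZone == null
                            || !localZone.equals(remoteZone);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        InternodeEncryption policy = InternodeEncryption.parse("cross_zone");
        System.out.println("same zone:    " + policy.shouldEncrypt("dc1", "dc1"));
        System.out.println("other zone:   " + policy.shouldEncrypt("dc1", "dc2"));
        System.out.println("unknown zone: " + policy.shouldEncrypt("dc1", null));
        System.out.println("unset value:  " + InternodeEncryption.parse(null));
    }
}
```

A boolean setting could only express the first two values; with an enum, a misspelled value stops startup with an error instead of leaving internode traffic unencrypted.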