[ https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12919421#action_12919421 ]
Stu Hood commented on CASSANDRA-1567:
-------------------------------------
* For 0001, I would really like to see an {{A(bstract)StreamableSocket}} rather
than complete duplication of the Stream classes
* Rather than a boolean, the {{internode_encryption}} setting should probably
be an enum, to leave room to add conditional encryption based on zones returned
by the snitch
* The SSL settings in JVM_OPTS should be disabled by default, and need a
comment linking to a place to get more information about the keystore and
truststore files (probably the 'Creating Keystores' section of the link in the
description)
Sorry for the long-delayed review. Thanks a ton for tackling this!
> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
> Key: CASSANDRA-1567
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Nirmal Ranganathan
> Assignee: Nirmal Ranganathan
> Fix For: 0.7.1
>
> Attachments: 0001-Adding-SSL-versions-for-streaming-classes.patch,
> 0002-Configurable-internode-encryption-option.patch,
> 0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is
> to use JSSE
> (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
> to wrap the existing ServerSocket & Sockets. This will only be an optional
> configuration and not enabled by default. The defaults would be TLS V1, RSA
> 1024-bit keys for handshake and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite.
> Although this can be made configurable if the need arises.
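
The enum-driven JSSE wrapping discussed in this thread, as an added Java example that is not code from the attached patches or from Cassandra. The class name, the enum values `NONE` and `ALL`, the helpers `usable` and `listen`, the protocol and cipher-suite lists, and the client-certificate requirement are all assumptions made for illustration.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class InternodeSockets {
    // Hypothetical values: the review asks for an enum but does not name its members.
    enum InternodeEncryption { NONE, ALL }

    // Keep only the configured names this JVM supports; fail closed if none remain.
    static String[] usable(String[] configured, String[] supported, String what) {
        List<String> ok = new ArrayList<>(Arrays.asList(configured));
        ok.retainAll(Arrays.asList(supported));
        if (ok.isEmpty())
            throw new IllegalStateException("no supported " + what + " in " + Arrays.toString(configured));
        return ok.toArray(new String[0]);
    }

    // Returns a plain or a JSSE-wrapped listening socket depending on the setting.
    static ServerSocket listen(InternodeEncryption mode, int port,
                               String[] protocols, String[] suites) throws IOException {
        if (mode == InternodeEncryption.NONE)
            return new ServerSocket(port);
        // The default factory reads javax.net.ssl.keyStore / trustStore from the JVM options.
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket s = (SSLServerSocket) f.createServerSocket(port);
        try {
            s.setEnabledProtocols(usable(protocols, s.getSupportedProtocols(), "protocol"));
            s.setEnabledCipherSuites(usable(suites, s.getSupportedCipherSuites(), "cipher suite"));
            s.setNeedClientAuth(true); // assumption: peers must present a cert from the truststore
        } catch (RuntimeException e) { s.close(); throw e; }
        return s;
    }

    public static void main(String[] args) throws IOException {
        String[] protocols = {"TLSv1.3", "TLSv1.2"}; // constructed sample configuration
        String[] suites = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                           "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"};
        try (ServerSocket plain = listen(InternodeEncryption.NONE, 0, protocols, suites);
             ServerSocket tls = listen(InternodeEncryption.ALL, 0, protocols, suites)) {
            System.out.println("NONE -> " + plain.getClass().getSimpleName());
            System.out.println("ALL  -> " + Arrays.toString(((SSLServerSocket) tls).getEnabledProtocols()));
        }
    }
}
```

Without `-Djavax.net.ssl.keyStore` and `-Djavax.net.ssl.trustStore` set, the sockets are still created, but handshakes on the TLS listener will fail.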