[ https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922349#action_12922349 ]
Nirmal Ranganathan commented on CASSANDRA-1567:
-----------------------------------------------

bq. For 0001, I would really like to see an A(bstract)StreamableSocket rather than complete duplication of the Stream classes

Done

bq. Rather than a boolean, the internode_encryption setting should probably be an enum, to leave room to add conditional encryption based on zones returned by the snitch

Updated to use an enum, just (all, none) for now.

bq. The SSL settings in JVM_OPTS should be disabled by default, and need a comment linking to a place to get more information about the keystore and truststore files (probably the 'Creating Keystores' section of the link in the description)

Having those properties in should not be a problem. We can provide a wiki page on how to get everything set up.

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
>                 Key: CASSANDRA-1567
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Nirmal Ranganathan
>            Assignee: Nirmal Ranganathan
>             Fix For: 0.7.1
>
>         Attachments: 0002-Configurable-internode-encryption-option.patch,
>                      0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is
> to use JSSE
> (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
> to wrap the existing ServerSocket & Sockets. This will only be an optional
> configuration and not enabled by default. The defaults would be TLS V1, RSA
> 1024-bit keys for handshake and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite.
> Although this can be made configurable if the need arises.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
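
An added example, not code from the CASSANDRA-1567 patches: one way a listener could choose between a plain and a JSSE-wrapped ServerSocket from an (all, none) setting, enabling only the configured cipher suites that the running JVM supports and refusing to start otherwise. The class, enum and method names are hypothetical, and key material is assumed to come from the standard javax.net.ssl.keyStore / javax.net.ssl.trustStore system properties.

```java
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class InternodeSocketExample {
    // Mirrors the (all, none) values from the comment; the enum name is hypothetical.
    enum InternodeEncryption { all, none }

    // Keep only the requested suites this JVM supports; fail closed if none remain.
    // (setEnabledCipherSuites throws IllegalArgumentException on an unsupported name.)
    static String[] usableSuites(String[] requested, String[] supported) {
        List<String> ok = new ArrayList<>(Arrays.asList(requested));
        ok.retainAll(Arrays.asList(supported));
        if (ok.isEmpty())
            throw new IllegalStateException("no requested cipher suite is supported: "
                    + Arrays.toString(requested));
        return ok.toArray(new String[0]);
    }

    static ServerSocket listen(InternodeEncryption mode, int port, String[] suites) throws Exception {
        if (mode == InternodeEncryption.none)
            return new ServerSocket(port);              // unencrypted internode traffic
        // The default context loads keys and trust anchors from the javax.net.ssl.* properties.
        SSLContext ctx = SSLContext.getDefault();
        SSLServerSocket s = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        try {
            s.setEnabledCipherSuites(usableSuites(suites, s.getSupportedCipherSuites()));
        } catch (RuntimeException e) {
            s.close();                                  // do not leave a half-configured listener open
            throw e;
        }
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Suite names come from the command line; the default is the one named in the issue.
        String[] suites = args.length > 0 ? args : new String[] { "SSL_RSA_WITH_RC4_128_MD5" };
        try (ServerSocket s = listen(InternodeEncryption.all, 0, suites)) {
            System.out.println("listening on port " + s.getLocalPort() + " with "
                    + Arrays.toString(((SSLServerSocket) s).getEnabledCipherSuites()));
        } catch (IllegalStateException e) {
            System.out.println("refusing to start: " + e.getMessage());
        }
    }
}
```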