[ 
https://issues.apache.org/jira/browse/CASSANDRA-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922349#action_12922349
 ] 

Nirmal Ranganathan commented on CASSANDRA-1567:
-----------------------------------------------

bq. For 0001, I would really like to see an A(bstract)StreamableSocket rather
than complete duplication of the Stream classes

Done

bq. Rather than a boolean, the internode_encryption setting should probably be
an enum, to leave room to add conditional encryption based on zones returned by
the snitch

Updated to use an enum, just (all, none) for now.

bq. The SSL settings in JVM_OPTS should be disabled by default, and need a
comment linking to a place to get more information about the keystore and
truststore files (probably the 'Creating Keystores' section of the link in the
description)

Having those properties in should not be a problem. We can provide a wiki page
on how to get everything set up.

> Provide configurable encryption support for internode communication
> -------------------------------------------------------------------
>
>                 Key: CASSANDRA-1567
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1567
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Nirmal Ranganathan
>            Assignee: Nirmal Ranganathan
>             Fix For: 0.7.1
>
>         Attachments: 0002-Configurable-internode-encryption-option.patch, 
> 0003-Default-Key-and-Certificate-for-internode-SSL.patch
>
>
> Provide the option to encrypt internode communication. The initial thought is 
> to use JSSE 
> (http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html)
>  to wrap the existing ServerSocket & Sockets. This will only be an optional 
> configuration and not enabled by default. The defaults would be TLS V1, RSA 
> 1024-bit keys for handshake and SSL_RSA_WITH_RC4_128_MD5 as the cipher suite. 
> Although this can be made configurable if the need arises. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
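
An added sketch, not taken from the attached patches, of the approach discussed in this message: an enum-valued internode_encryption setting selects between a plain ServerSocket and a JSSE SSLServerSocket. The class, enum and method names are hypothetical, and TLSv1.2 with an AES-GCM suite are assumed values standing in for the TLS V1 / RC4 defaults in the description, which current JDKs disable by default.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class InternodeSocketExample {  // hypothetical class name
    // Mirrors the (all, none) values of the internode_encryption setting.
    enum InternodeEncryption { ALL, NONE }

    // Keep only requested names the JSSE provider supports; the setEnabled*
    // methods throw IllegalArgumentException on any unsupported name.
    static String[] supportedOnly(String[] requested, String[] supported) {
        return Arrays.stream(requested)
                .filter(Arrays.asList(supported)::contains).toArray(String[]::new);
    }

    static ServerSocket listen(InternodeEncryption mode, int port,
                               String[] protocols, String[] suites)
            throws IOException, NoSuchAlgorithmException {
        if (mode == InternodeEncryption.NONE) {
            return new ServerSocket(port);  // unencrypted listener
        }
        // The default context loads key material from the javax.net.ssl.keyStore
        // and javax.net.ssl.trustStore system properties (set via JVM_OPTS).
        SSLServerSocket s = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory().createServerSocket(port);
        String[] p = supportedOnly(protocols, s.getSupportedProtocols());
        String[] c = supportedOnly(suites, s.getSupportedCipherSuites());
        if (p.length == 0 || c.length == 0) {
            s.close();  // fail closed rather than fall back to provider defaults
            throw new IOException("no configured protocol or cipher suite is supported");
        }
        s.setEnabledProtocols(p);
        s.setEnabledCipherSuites(c);
        return s;
    }

    public static void main(String[] args) throws Exception {
        String[] protocols = { "TLSv1.2" };                            // assumed value
        String[] suites = { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; // assumed value
        for (InternodeEncryption mode : InternodeEncryption.values()) {
            try (ServerSocket s = listen(mode, 0, protocols, suites)) { // port 0: any free port
                System.out.println(mode + " -> " + s.getClass().getSimpleName());
            }
        }
    }
}
```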
