[
https://issues.apache.org/jira/browse/CASSANDRA-8803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14906156#comment-14906156
]
Norman Maurer commented on CASSANDRA-8803:
------------------------------------------
[~brandon.williams] I have a patch here that I would like to submit to allow
serve SSL and non SSL on the same port without the need for STARTTLS etc. This
will make things a lot easier. Should I just reopen this issue and attach the
patch here or what ?
> Implement transitional mode in C* that will accept both encrypted and
> non-encrypted client traffic
> --------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-8803
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8803
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Vishy Kasar
>
> We have some non-secure clusters taking live traffic in production from
> active clients. We want to enable client to node encryption on these
> clusters. Once we set the client_encryption_options enabled to true in yaml
> and bounce a cassandra node in the ring, the existing clients that do not do
> SSL will fail to connect to that node.
> There does not seem to be a good way to roll this change with out taking an
> outage. Can we implement a transitional mode in C* that will accept both
> encrypted and non-encrypted client traffic? We would enable this during
> transition and turn it off after both server and client start talking SSL.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
