[
https://issues.apache.org/jira/browse/CASSANDRA-10724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15148668#comment-15148668
]
Stefan Podkowinski commented on CASSANDRA-10724:
------------------------------------------------
Username/password authentication is only taking place for client-to-node
communication at the beginning of _each_ connection using SASL over an
unencrypted or TLS secured connection. In case of TLS, all further data will be
send encrypted afterwards. I'm not aware of any ways to downgrade the TLS
connection to plaintext after authentication, if that's what you're suggesting.
Can you elaborate why you need to make sure to protect the user credentials,
but would be fine by sending all actual data unencrypted?
> Allow option to only encrypt username/password transfer, not data
> -----------------------------------------------------------------
>
> Key: CASSANDRA-10724
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10724
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Thom Valley
> Priority: Minor
>
> Turning on SSL for both client->node and node->node connections is a resource
> intensive (expensive) operation.
> Being able to only encrypt the username/password when passed (or looked up)
> as an option would greatly reduce the encryption / decryption overhead
> created by turning on SSL for all traffic.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
