[ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15956937#comment-15956937 ]

Stefan Podkowinski commented on CASSANDRA-13404:
------------------------------------------------

I think it was mentioned somewhere that reusing SSLContext instances would be 
preferable in the future due to performance reasons. We'd have to change the 
code to either return a shared or a newly created instance if we would add this 
feature. 

The main motivation for CASSANDRA-9220 and related client tickets was to 
prevent man-in-the-middle attacks. If you send your login credentials, you have 
to make sure that the connection hasn't been compromised and therefore it's 
important to verify that the peer is really the server you think you're talking 
to. This can be done by verifying the trust chain of the certificate and the 
hostname for which the certificate has been issued.

Once the connection has been verified, the connection confidentiality has been 
established and there's no point for the server to in turn verify the client 
certificate again to prevent MiM. The only scenario where it would make sense 
to verify clients is when you're not able to verify server certificates 
correctly on the client side. At least the Java and Python driver should now do 
this correctly (incl. hostnames), but there could be other clients where you'd 
prefer to verify from server side. But given operational implications (there 
are usually many more client nodes than cluster nodes in the network) of having 
to manage a lot of certificates for a potentially elastic number of clients, 
this would be a quite heavy-handed way to address this issue for most users. In 
this case you probably would want to spend the effort fixing the clients to 
correctly verify the servers. 

This doesn't mean I'm -1 here as long as code changes are small, but just 
wanted to share my thoughts why this hasn't been implemented yet.


> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Jan Karlsson
>             Fix For: 4.x
>
>         Attachments: 13404-trunk.txt
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification 
> for client-node connections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
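
The two checks discussed in the comment above, written against plain JSSE as an added example (not code from the ticket, its attached patch, or Cassandra): a client engine that verifies the server's hostname in addition to the trust chain, and a server engine that requires a client certificate. The class name, method names and the host `cassandra-node1.example.com` are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added illustration; class, method and host names are hypothetical.
public class PeerVerificationExample {

    // Client side: the trust chain is validated by the context's trust managers.
    // The hostname is only matched against the certificate when an endpoint
    // identification algorithm is set; a raw SSLEngine has none by default.
    static SSLEngine clientEngine(SSLContext ctx, String host, int port, boolean verifyHostname) {
        SSLEngine engine = ctx.createSSLEngine(host, port); // host is the name to be matched
        engine.setUseClientMode(true);
        if (verifyHostname) {
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(params);
        }
        return engine;
    }

    // Server side: requiring a client certificate makes the handshake fail
    // unless the client presents a certificate the server's trust managers accept.
    static SSLEngine serverEngine(SSLContext ctx, boolean requireClientCert) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(requireClientCert);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault(); // JVM default trust store
        String host = "cassandra-node1.example.com"; // constructed sample name
        int port = 9042;

        SSLEngine chainOnly = clientEngine(ctx, host, port, false);
        SSLEngine chainAndHost = clientEngine(ctx, host, port, true);
        SSLEngine server = serverEngine(ctx, true);

        System.out.println("chain only, endpoint identification: "
                + chainOnly.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println("chain + hostname, endpoint identification: "
                + chainAndHost.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println("server requires client certificate: " + server.getNeedClientAuth());
    }
}
```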
