[ https://issues.apache.org/jira/browse/CASSANDRA-10404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16211875#comment-16211875 ]
Jason Brown commented on CASSANDRA-10404: ----------------------------------------- bq. [~spo...@gmail.com]: Would it make sense to fallback to SystemKeyspace.getReleaseVersion(ep) This makes a lot of sense. Will add that in. bq. [~spo...@gmail.com] I've pushed a commit here that will honor the require_endpoint_verification flag for incoming connections. Oops, yeah, looks like I missed adding adding the hostname check on the optional-tls path. thanks! bq. we should also enable require_client_auth by default? I agree with [~eperott] and [~KurtG] that this is a nice goal, but we should not make it default. @stefan, perhaps send out a [DISCUSS] email to user@/dev@ and see if there's some reasonable support for it and we can do it, but I'd prefer not to add more behavior to this ticket. bq. [~eperott] I did some manual verification on these patch sets using mixed major versions with SSL enabled. With good results. I love this, thanks for giving it a test run. bq. [~eperott] I would prefer to keep OutboundConnectionIdentifier.withUpdatedRemotePort() next to withNewConnectionAddress() makes sense bq. [~eperott] If optional: true, then the legacy ssl_storage_port will also accept non-secured connections Good catch - will fix Thanks all. I'll have an updated branch with these changes (and anything else since my last version) in a day or so. > Node to Node encryption transitional mode > ----------------------------------------- > > Key: CASSANDRA-10404 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10404 > Project: Cassandra > Issue Type: New Feature > Reporter: Tom Lewis > Assignee: Jason Brown > Fix For: 4.x > > > Create a transitional mode for encryption that allows encrypted and > unencrypted traffic node-to-node during a change over to encryption from > unencrypted. This alleviates downtime during the switch. > This is similar to CASSANDRA-10559 which is intended for client-to-node -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org