[ https://issues.apache.org/jira/browse/CASSANDRA-17367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams updated CASSANDRA-17367:
-----------------------------------------
    Status: Open  (was: Patch Available)

> sstableloader ignores streaming encryption settings
> ---------------------------------------------------
>
>                 Key: CASSANDRA-17367
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17367
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/bulk load
>            Reporter: Dmitry Potepalov
>            Assignee: Dmitry Potepalov
>            Priority: Normal
>             Fix For: 4.0.x, 4.x
>
>         Attachments: 17367-4.0.txt, 17367-trunk.txt
>
>
> Reproducible in Cassandra 4.x. If one configures encryption for streaming in
> config yaml fed to sstableloader like this
> {{server_encryption_options:}}
> {{ internode_encryption: all}}
> {{ keystore: sstableloader.keystore.p12}}
> {{ keystore_password: changeit}}
> {{ truststore: sstableloader.truststore.jks}}
> {{ truststore_password: changeit}}
> then sstableloader should perform an SSL handshake on the streaming
> connections and encrypt the payload. But this does not happen. Judging by the
> TCPdump of the outgoing traffic on the internode port, sstableloader sends
> plaintext traffic. This is the TCP payload of the first packet that
> sstableloader sends after establishing TCP connection:
> {{ca 55 2d fa 0c 0c 0c 08 06 0a f0 01 f9 1b 58 a8 32 f2 d0}}
> The first 4 bytes look like Cassandra protocol magic, not like a client hello.
> I've discovered the issue while trying to migrate some data to a Cassandra 4
> listening on the legacy ssl storage port (therefore, accepting only encrypted
> connections on that port). Streaming phase of the migration failed with a
> "connection closed" error, which hints that the connection was closed
> server-side.
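
The check described in the report (reading the first TCP payload on the internode port to tell a TLS ClientHello from plaintext Cassandra framing), as an added example that is not part of the ticket or of Cassandra's code. The function name, the result labels and the constructed ClientHello bytes are assumptions; the plaintext sample is the payload quoted in the report, and its first four bytes are used as the magic value.

```python
import struct

# First four bytes of the payload quoted in the report, which the reporter
# identifies as Cassandra protocol magic.
CASSANDRA_MAGIC = bytes.fromhex("ca 55 2d fa")

# First TCP payload sent by sstableloader, exactly as quoted in the report.
REPORTED_PAYLOAD = bytes.fromhex(
    "ca 55 2d fa 0c 0c 0c 08 06 0a f0 01 f9 1b 58 a8 32 f2 d0"
)

# Constructed sample (not from the ticket): TLS record header (handshake,
# version 3.1, length 0x0200) + handshake header (ClientHello, length 0x0001fc)
# + client_version 3.3.
CONSTRUCTED_CLIENT_HELLO = bytes.fromhex("16 03 01 02 00  01 00 01 fc  03 03")

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01  # TLS handshake message type: ClientHello
TLS_MAX_RECORD = 2 ** 14 # maximum TLS plaintext record length


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server payload of a streaming connection."""
    if payload[:4] == CASSANDRA_MAGIC:
        # Cassandra framing sent directly over TCP: no TLS handshake occurred.
        return "cassandra-plaintext"
    if len(payload) < 5:
        return "unknown"
    content_type, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # A TLS record starts with type(1) | version(2) | length(2).
    if major != 3 or minor > 4 or not 0 < rec_len <= TLS_MAX_RECORD:
        return "unknown"
    if content_type != TLS_HANDSHAKE:
        return "unknown"
    if len(payload) >= 6 and payload[5] == TLS_CLIENT_HELLO:
        return "tls-client-hello"
    return "tls-handshake-other"


if __name__ == "__main__":
    for name, data in [("reported", REPORTED_PAYLOAD),
                       ("constructed", CONSTRUCTED_CLIENT_HELLO)]:
        print(f"{name}: {classify_first_payload(data)}")
```
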