[ https://issues.apache.org/jira/browse/CASSANDRA-18124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699105#comment-17699105 ]
Maulin Vasavada edited comment on CASSANDRA-18124 at 3/10/23 8:36 PM: ---------------------------------------------------------------------- Thanks [~brandon.williams] . [~smiklosovic] While modifying the code to allow null password configuration for the PEM I am running into a challenge due to the default logic to fallback to `keystore_password` configuration in case `key_password` configuration (created for the PEM) is null/missing. Due to that fallback logic we have to change default for the `keystore_password` also to be null (specifically in EncryptionOptions.java). I think we have two options- # Drop the fallback logic reading the `keystore_password` in case of PEM keys. ## This fallback logic was done primarily to support a use-case for PEM keys provided in a file with existing `keystore` configuration in which case it also makes sense to continue read the key password from the `keystore_password`configuration. # Make `keystore_password` nullable configuration which means removing the default value injected by EncryptionOptions.java ## I think we can make this nullable since practically operators might not have JKS keystores without the passwords except for a missed-configuration use-case AND for PEM it makes perfect sense to allow null password for the unencrypted keys. ## However, since we are changing the default for an older configuration, we have to give more thoughts on its effect on existing systems. Let me see what 2nd option entails (in terms of tests etc) while you provide you thoughts on this. was (Author: maulin.vasavada): Thanks [~brandon.williams] . [~smiklosovic] While modifying the code to allow null password configuration for the PEM I am running into a challenge due to the default logic to fallback to `keystore_password` configuration in case `key_password` configuration (created for the PEM) is null/missing. Due to that fallback logic we have to change default for the `keystore_password` also to be null (specifically in EncryptionOptions.java). I think we have two options- # Drop the fallback logic reading the `keystore_password` in case of PEM keys. ## This fallback logic was done primarily to support a use-case for PEM keys provided in a file with existing `keystore` configuration in which case it also makes sense to continue read the key password from the `keystore_password`configuration. # Make `keystore_password` nullable configuration which means removing the default value injected by EncryptionOptions.java ## I think we can make this nullable since practically operators might not have JKS keystores with the passwords except for a missed-configuration use-case AND for PEM it makes perfect sense to allow null password for the unencrypted keys. ## However, since we are changing the default for an older configuration, we have to give more thoughts on its effect on existing systems. Let me see what 2nd option entails (in terms of tests etc) while you provide you thoughts on this. > Config parameter keystore_password should be nullable > ----------------------------------------------------- > > Key: CASSANDRA-18124 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18124 > Project: Cassandra > Issue Type: Bug > Components: Local/Config > Reporter: Tibor Repasi > Assignee: Maulin Vasavada > Priority: Normal > Fix For: 4.1.x, 5.x > > > Some SSL configuration may pass unencrypted private keys. PEMReader might > accept that by assuming keyPassword to be null in that case (e.g. > https://github.com/apache/cassandra/blob/f9e033f519c14596da4dc954875756a69aea4e78/src/java/org/apache/cassandra/security/PEMReader.java#L103). > Current configuration reader does not accept keystore_password parameter to > be set null or empty in the cassandra.yaml. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org