[ https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14057676#comment-14057676 ]
Jason Brown commented on CASSANDRA-7528:
----------------------------------------

lgtm, +1. I wonder, though, if checking if the cert is an instance of X509Certificate is any better than calling cert.getType().equals("X.509").

> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
>                 Key: CASSANDRA-7528
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>         Environment: Amazon Linux on various AWS EC2 instance types.
>            Reporter: Joseph Clark
>            Assignee: Brandon Williams
>         Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode
> encryption. Add the private key to the specified .keystore, and an expired
> certificate generated using the private key to the specified truststore. The
> same keys are used for all cassandra nodes in the cluster.
> When cassandra is started, it is able to communicate with other cassandra
> nodes even though the certificate is expired.
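The expiry check discussed in this thread can be run against a truststore before a node starts. The following is an added example, not the attached 7528.txt patch and not Cassandra's own code; the class name `TruststoreExpiryCheck`, the `TRUSTSTORE_PASSWORD` environment variable and the JKS store type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Hypothetical helper class: reports store entries whose certificate is outside its validity period.
public class TruststoreExpiryCheck {

    /** Returns one message per alias whose X.509 certificate is not valid at the given instant. */
    static List<String> invalidEntries(KeyStore store, Date at) throws Exception {
        List<String> invalid = new ArrayList<>();
        for (String alias : Collections.list(store.aliases())) {
            // For a key entry this is the first certificate of the chain.
            Certificate cert = store.getCertificate(alias);
            // checkValidity is declared on X509Certificate, so the instanceof
            // test also makes the cast safe; other certificate types are skipped.
            if (!(cert instanceof X509Certificate)) continue;
            try {
                ((X509Certificate) cert).checkValidity(at);
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                invalid.add(alias + ": " + e.getMessage());
            }
        }
        return invalid;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: TruststoreExpiryCheck <truststore path>");
            System.exit(2);
        }
        // Assumption: password comes from the environment rather than argv.
        // With a null password a JKS store still loads, without the integrity check.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        KeyStore store = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, pw == null ? null : pw.toCharArray());
        }
        List<String> invalid = invalidEntries(store, new Date());
        invalid.forEach(System.err::println);
        System.exit(invalid.isEmpty() ? 0 : 1); // non-zero exit lets a startup script refuse to proceed
    }
}
```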