[
https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14057676#comment-14057676
]
Jason Brown commented on CASSANDRA-7528:
----------------------------------------
lgtm, +1. I wonder, though, if checking if the cert is an instance of
X509Certificate is any better than calling cert.getType().equals("X.509").
> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
> Key: CASSANDRA-7528
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Environment: Amazon Linux on various AWS EC2 instance types.
> Reporter: Joseph Clark
> Assignee: Brandon Williams
> Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode
> encryption. Add the private key to the specified .keystore, and an expired
> certificate generated using the private key to the specified truststore. The
> same keys are used far all cassandra nodes in the cluster.
> When cassandra is started, it is able to communicate with other cassandra
> nodes even though the certificate is expired.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
