[
https://issues.apache.org/jira/browse/ZOOKEEPER-2094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14236426#comment-14236426
]
Ian Dimayuga commented on ZOOKEEPER-2094:
-----------------------------------------
Currently this is configurable through zookeeper.secureClientCnxns property (or
secureClientCnxns in zoo.cfg), either toggle on or off. Other config properties
used to specify keystore, etc.
I'm working on allowing a server to operate in mixed-mode, i.e. accept both
secure and unsecured connections for staged rollout purposes.
I'm considering scrapping the zookeeper.secureClientCnxns property in favor of
keying off of the existence of clientPort and secureClientPort properties, as
follows:
If and only if clientPort exists, then accept unsecured connections at that
port.
If and only if secureClientPort exists, then accept secured connections at that
port.
Thoughts?
> SSL support for NettyServerCnxnFactory
> --------------------------------------
>
> Key: ZOOKEEPER-2094
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2094
> Project: ZooKeeper
> Issue Type: Sub-task
> Components: server
> Affects Versions: 3.4.6, 3.5.0
> Reporter: Ian Dimayuga
> Assignee: Ian Dimayuga
> Fix For: 3.4.7, 3.5.1
>
> Attachments: ZOOKEEPER-2094.patch
>
>
> Add SSL handler to Netty pipeline, and a default X509AuthenticationProvider
> to perform authentication.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
