[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15930825#comment-15930825
]
Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------
Hi [~geek101]-
bq. Regarding host verification one other way to go is to follow this:
X509ExtendedTrustManager mentions about where to plug in host verification, it
specifically quotes:
Let me know if this is what you had in mind. We do not need to subclass
`X509ExtendedTrustManager` ourselves to get this to work, since the
`X509TrustManagerImpl` object generated by the PKIX trust manager factory (and
x509 as well, I think) extends `X509ExtendedTrustManager` already. If endpoint
verification is set on the sslParameters of the sslSocket, we get endpoint
verification for free in `X509ExtendedTrustManager`. The issue is that we are
limited to the built-in implementations of endpoint verification, but I think
the "https" algorithm is sufficient for our use case.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.
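The approach described in the comment above, sketched as an added example (not ZooKeeper code and not from the patch under discussion): it checks that the stock trust manager factories already return an `X509ExtendedTrustManager` and enables the built-in "HTTPS" endpoint identification on a socket. The class and method names are hypothetical, and the `SunX509` algorithm name assumes the OpenJDK SunJSSE provider.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical demo class; runs offline, no connection is made.
public class EndpointVerificationDemo {

    // True if the factory for this algorithm hands back a trust manager
    // that already extends X509ExtendedTrustManager (no subclassing needed).
    static boolean yieldsExtendedTrustManager(String algorithm) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        // null = JDK default trust store (assumption for the demo);
        // a quorum deployment would load its own trust store here.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                return true;
            }
        }
        return false;
    }

    // Turn on the built-in "HTTPS" endpoint identification for one socket.
    // Must be called before the handshake starts.
    static void enableEndpointVerification(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("PKIX    -> extended: " + yieldsExtendedTrustManager("PKIX"));
        System.out.println("SunX509 -> extended: " + yieldsExtendedTrustManager("SunX509"));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers, demo only
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            System.out.println("before: "
                    + socket.getSSLParameters().getEndpointIdentificationAlgorithm());
            enableEndpointVerification(socket);
            System.out.println("after:  "
                    + socket.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
    }
}
```

With the algorithm set, the identity check runs during the handshake inside the trust manager's socket-aware `checkServerTrusted`/`checkClientTrusted` overloads, so a certificate that chains to a trusted root but does not match the peer's name fails the handshake.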