[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15930825#comment-15930825 ]
Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

bq. Regarding host verification one other way to go is to follow this: X509ExtendedTrustManager mentions about where to plug in host verification, it specifically quotes: Let me know if this is what you had in mind.

We do not need to subclass `X509ExtendedTrustManager` ourselves to get this to work, since the `X509TrustManagerImpl` object generated by the PKIX trustmanager factory (and x509 as well I think) extends `X509ExtendedTrustManager` already. If endpoint verification is set on the sslParameters of the sslSocket we get endpoint verification for free in `X509ExtendedTrustManager`. The issue is that we are limited to the built-in implementations of endpoint verification, but I think the "https" algorithm is sufficient for our use case.

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)