[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15948383#comment-15948383
]
Powell Molleti commented on ZOOKEEPER-236:
------------------------------------------
Hi Abe,
I have added my comments on PR directly. We could table the hostname
verification for next iteration of SSL support to move forward if required. For
server to server SSL I think this is useful but will need help from QuorumPeer.
Also for server to client SSL this is most likely not used. Performing a
reverse DNS lookup to verify will mean that there is implicit trust for this,
if customers provide just hostnames(or IPs) then that is the basis for trust
and DNS reverse lookup might not be.
Let me know what you think.
Cheers.
Powell.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
