[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991285#comment-15991285
]
ASF GitHub Bot commented on ZOOKEEPER-236:
------------------------------------------
GitHub user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/184#discussion_r114175213
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java ---
@@ -438,9 +447,18 @@ synchronized private boolean connectOne(long sid,
InetSocketAddress electionAddr
Socket sock = null;
try {
LOG.debug("Opening channel to server " + sid);
- sock = new Socket();
- setSockOpts(sock);
- sock.connect(electionAddr, cnxTO);
+ if (self.isSslQuorum()) {
+ SSLSocket sslSock = x509Util.createSSLSocket();
+ setSockOpts(sslSock);
+ sslSock.connect(electionAddr, cnxTO);
+ sslSock.startHandshake();
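Review bot: sslSock.startHandshake() is a blocking call with no timeout visible in this hunk, and it runs inside the synchronized connectOne; cnxTO only bounds the TCP connect on the line before it. A peer that accepts the connection but never completes the TLS handshake could hold the monitor and block other callers of connectOne. Unless setSockOpts already sets a read timeout (its body is not shown here), call setSoTimeout on sslSock before startHandshake(), or move the handshake off the synchronized path. Also, sslSock is a local distinct from sock, which is still null at this point, so check that the error path closes sslSock if connect or the handshake throws.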
--- End diff --
So I believe in 3.4 we have a workaround for this for SASL:
https://github.com/apache/zookeeper/blob/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java#L583
I agree that this is something we should document and we should fix the
root cause elsewhere.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, security, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Labels: ssl
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.