[jira] [Updated] (HBASE-27318) Configuration to allow client fallback to non-SSL if handshake fails

Tue, 23 Aug 2022 06:33:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-27318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Beaudreault updated HBASE-27318:
--------------------------------------
    Summary: Configuration to allow client fallback to non-SSL if handshake 
fails  (was: Configuration to allow fallback to non-SSL if handshake fails)

> Configuration to allow client fallback to non-SSL if handshake fails
> --------------------------------------------------------------------
>
>                 Key: HBASE-27318
>                 URL: https://issues.apache.org/jira/browse/HBASE-27318
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Bryan Beaudreault
>            Priority: Major
>
> [~zhangduo] brought up a great idea when reviewing the new native TLS docs. 
> Since HMasters and RegionServers are both clients and servers, currently it 
> requires multiple cluster restarts to transition an existing cluster to TLS:
> {quote}1. Enable {{hbase.server.netty.tls.enabled}} only, with 
> supportPlaintext=true. After restart, servers will _accept_ TLS, but not 
> _send_ TLS. 
> 2. Additionally enable {{hbase.client.netty.tls.enabled}} on servers, keeping 
> supportPlaintext=true. After restart, servers will now _accept and send_ TLS.
> 3. Remove supportPlaintext=true. After restart, servers will reject requests 
> if not TLS.
> Clients can be updated to use {{hbase.client.netty.tls.enabled}} either after 
> step 1 or 2, but before 3.
> {quote}
> This could be simplified by allowing the client-side to also fallback to 
> plaintext if handshake fails:
> {quote}Theoretically at client side it is possible. In the NettyRpcConnection 
> implementation, before the ssl handshake finishes, we will not send any data 
> out. So if we want to fallback to non ssl communication, we could just remove 
> the ssl handler and set up the connection without encryption. But probably at 
> server side we will just close the connection...
> {quote}
> We'd need to test to see how the server-side handles this downgrade, per the 
> last sentence above.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to