[ https://issues.apache.org/jira/browse/HBASE-27318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583638#comment-17583638 ]
Duo Zhang commented on HBASE-27318: ----------------------------------- We should implement this, maybe a parameter to say whether the client allows the fallback. But it is not easy as I said in the PR's comment, the server will close the connection, no doubt, as it receives unexpected data... So I guess we need to reconnect without adding the SslHandler. But first, we need to find out what the server will return to us when it does not support TLS, as I do not think we should always fallback, for example, if we get a connection refuse then we should just fail immediately... Thanks. > Configuration to allow client fallback to non-SSL if handshake fails > -------------------------------------------------------------------- > > Key: HBASE-27318 > URL: https://issues.apache.org/jira/browse/HBASE-27318 > Project: HBase > Issue Type: Improvement > Reporter: Bryan Beaudreault > Priority: Major > > [~zhangduo] brought up a great idea when reviewing the new native TLS docs. > Since HMasters and RegionServers are both clients and servers, currently it > requires multiple cluster restarts to transition an existing cluster to TLS: > {quote}1. Enable {{hbase.server.netty.tls.enabled}} only, with > supportPlaintext=true. After restart, servers will _accept_ TLS, but not > _send_ TLS. > 2. Additionally enable {{hbase.client.netty.tls.enabled}} on servers, keeping > supportPlaintext=true. After restart, servers will now _accept and send_ TLS. > 3. Remove supportPlaintext=true. After restart, servers will reject requests > if not TLS. > Clients can be updated to use {{hbase.client.netty.tls.enabled}} either after > step 1 or 2, but before 3. > {quote} > This could be simplified by allowing the client-side to also fallback to > plaintext if handshake fails: > {quote}Theoretically at client side it is possible. In the NettyRpcConnection > implementation, before the ssl handshake finishes, we will not send any data > out. So if we want to fallback to non ssl communication, we could just remove > the ssl handler and set up the connection without encryption. But probably at > server side we will just close the connection... > {quote} > We'd need to test to see how the server-side handles this downgrade, per the > last sentence above. -- This message was sent by Atlassian Jira (v8.20.10#820010)