maulin-vasavada commented on code in PR #3457:
URL: https://github.com/apache/cassandra/pull/3457#discussion_r1839535395
##########
src/java/org/apache/cassandra/utils/JMXServerUtils.java:
##########
@@ -243,10 +254,18 @@ private static Map<String, Object>
configureJmxSocketFactories(InetAddress serve
SslRMIClientSocketFactory clientFactory = new
SslRMIClientSocketFactory();
SslRMIServerSocketFactory serverFactory = new
SslRMIServerSocketFactory(ciphers, protocols, requireClientAuth);
- env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
serverFactory);
- env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
clientFactory);
- env.put("com.sun.jndi.rmi.factory.socket", clientFactory);
- logJmxSslConfig(serverFactory);
+ setSocketFactoriesInEnv(env, clientFactory, serverFactory);
+ }
+ else if (jmxEncryptionOptions != null &&
jmxEncryptionOptions.getEnabled() != null && jmxEncryptionOptions.getEnabled())
+ {
+ logger.info("Enabling JMX SSL using jmx_encryption_options from
cassandra.yaml");
+ // Here we can continue to use the SslRMIClientSocketFactory for
client sockets.
+ // However, we should still set System properties for
cipher_suites and enabled_protocols
+ // to have the same behavior as cassandra-env.sh based JMX SSL
settings
+ setJmxSystemProperties(jmxEncryptionOptions);
Review Comment:
addressed in https://github.com/apache/cassandra/pull/3638
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
