[jira] [Resolved] (CASSANDRA-7528) certificate not validated for internode SSL encryption.

Brandon Williams (JIRA) Thu, 10 Jul 2014 10:13:08 -0700

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams resolved CASSANDRA-7528.
-----------------------------------------

       Resolution: Fixed
    Fix Version/s: 2.1.0
                   2.0.10

Committed.

> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
>                 Key: CASSANDRA-7528
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>         Environment: Amazon Linux on various AWS EC2 instance types.
>            Reporter: Joseph Clark
>            Assignee: Brandon Williams
>             Fix For: 2.0.10, 2.1.0
>
>         Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode 
> encryption. Add the private key to the specified .keystore, and an expired 
> certificate generated using the private key to the specified truststore. The 
> same keys are used far all cassandra nodes in the cluster. 
> When cassandra is started, it is able to communicate with other cassandra 
> nodes even though the certificate is expired.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Resolved] (CASSANDRA-7528) certificate not validated for internode SSL encryption.

Reply via email to