[ https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams resolved CASSANDRA-7528. ----------------------------------------- Resolution: Fixed Fix Version/s: 2.1.0 2.0.10 Committed. > certificate not validated for internode SSL encryption. > ------------------------------------------------------- > > Key: CASSANDRA-7528 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7528 > Project: Cassandra > Issue Type: Improvement > Components: Core > Environment: Amazon Linux on various AWS EC2 instance types. > Reporter: Joseph Clark > Assignee: Brandon Williams > Fix For: 2.0.10, 2.1.0 > > Attachments: 7528.txt > > > An expired certificate may be used to encrypt internode communication. > To reproduce, set the server_encryption_options to enable internode > encryption. Add the private key to the specified .keystore, and an expired > certificate generated using the private key to the specified truststore. The > same keys are used far all cassandra nodes in the cluster. > When cassandra is started, it is able to communicate with other cassandra > nodes even though the certificate is expired. -- This message was sent by Atlassian JIRA (v6.2#6252)