cassandra-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Cassandra Wiki] Update of "InternodeEncryption" by DavidAllsopp
Date Fri, 11 Nov 2011 20:32:17 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Cassandra Wiki" for change notification.

The "InternodeEncryption" page has been changed by DavidAllsopp:
http://wiki.apache.org/cassandra/InternodeEncryption?action=diff&rev1=1&rev2=2

Comment:
Added details from cassandra.yaml, and mention of inter-rack encryption

  Inter-node encryption uses standard TLS/SSL to authenticate and encrypt messages between
nodes, to preotect data in transit between nodes, and to prevent unauthorized access to/control
of nodes.
  
- Encryption can be applied to all inter-node messages, or just messages crossing from one
Datacenter to another.
+ Encryption can be applied to all inter-node messages, just messages crossing from one rack
to another, or just messages crossing from one datacenter to another.
  
  This page needs fleshing out... skeleton instructions from https://issues.apache.org/jira/browse/CASSANDRA-3051
are:
  
   1. follow the steps for generating a keystore and a trust store here: http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
-  2. plug those files into encryption_options in cassandra.yaml
+  2. plug those files into `encryption_options` in `cassandra.yaml`
-  3. make sure encryption_options.internode_encryption = all in the yaml.
+  3. make sure `encryption_options.internode_encryption = all` in the yaml.
+ 
+ See the section at the bottom of `conf/cassandra.yaml`:
+ 
+ {{{
+ # Enable or disable inter-node encryption
+ # Default settings are TLS v1, RSA 1024-bit keys (it is imperative that
+ # users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher
+ # suite for authentication, key exchange and encryption of the actual data transfers.
+ # NOTE: No custom encryption options are enabled at the moment
+ # The available internode options are : all, none, dc, rack
+ #
+ # If set to dc cassandra will encrypt the traffic between the DCs
+ # If set to rack cassandra will encrypt the traffic between the racks
+ #
+ # The passwords used in these options must match the passwords used when generating
+ # the keystore and truststore.  For instructions on generating these files, see:
+ # http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
+ encryption_options:
+     internode_encryption: none
+     keystore: conf/.keystore
+     keystore_password: cassandra
+     truststore: conf/.truststore
+     truststore_password: cassandra
+ }}}
  
  ----
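Review bot: In the added `{{{ ... }}}` excerpt, `internode_encryption: none` and the `keystore_password: cassandra` / `truststore_password: cassandra` lines are pasted without saying they are the values shipped in `conf/cassandra.yaml`, so a reader following step 3 could mistake the block for the target configuration. Suggest a sentence after the block saying that the option has to be changed from `none` to `all`, `dc` or `rack`, and that both passwords must be replaced with the ones used when generating the keystore and truststore, as the excerpt's own comment requires. Step 3 also still names only `encryption_options.internode_encryption = all`, while the reworded introduction and the excerpt now list `rack` and `dc`; list those values in step 3 as well so the instructions match the new text.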
  
