[ 
https://issues.apache.org/jira/browse/BOOKKEEPER-588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13698470#comment-13698470
 ] 

Sijie Guo commented on BOOKKEEPER-588:
--------------------------------------

{code}
imaps, pops and smtps are older implementations which simply tunnel over an ssl 
socket. starttls versions superseded them.

The TLS with IMAP and POP rfc gives the rationale for this: 
https://tools.ietf.org/html/rfc2595#section-7
{code}

ok. sounds true for IMAP and POP.

{code}
How is it harder to debug? We currently don't decode bk wire transmissions, and 
doing so with any form of SSL would be a pain anyhow. Once it hits the bookie, 
debugging is no more difficult. In fact, I would argue that it makes debugging 
and troubleshooting easier, as it halves the number of ports you need to check 
are working.
{code}

1. it is hard to figure out which bookie is running ssl and which bookie is not 
running ssl when you are looking at ledger metadata or the /ledger/available 
znode (if using a different port, it is easy to know).
2. it isn't straightforward to dump a mixed ssl & non-ssl stream. that's the part 
I meant by troubleshooting.

in my view, an additional port might make things clear and manageable. but that's just 
my view. I don't have any strong preference.
                
> SSL support
> -----------
>
>                 Key: BOOKKEEPER-588
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-588
>             Project: Bookkeeper
>          Issue Type: Sub-task
>            Reporter: Ivan Kelly
>            Assignee: Ivan Kelly
>             Fix For: 4.3.0
>
>         Attachments: 0004-BOOKKEEPER-588-SSL-support-for-bookkeeper.patch
>
>
> SSL support using startTLS
