[ https://issues.apache.org/jira/browse/BOOKKEEPER-588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13698759#comment-13698759 ]

Ivan Kelly commented on BOOKKEEPER-588:
---------------------------------------

{quote}1. it is hard to figure out what bookie is running ssl or what bookie is 
not running ssl, when you are looking into a ledger metadata or 
/ledger/available znode (if using different port, it is easy to know).{quote}
This is relying on a side effect to derive information. Really, it would be 
better to have an explicit way to request the configuration from the bookie, 
through a web interface or JMX or something. The problem with having this in 
/ledgers/available is that it leaves out some other very relevant information, 
i.e. whether SSL is _required_ to connect to the bookie or not. Actually, the 
dual port scheme breaks down completely if SSL is required, as you will specify 
a non-ssl port which will be unusable. starttls prevents this. This is alluded 
to in the 3rd point of the explanation in the IMAP TLS RFC.

{quote}2. it isn't straightforward to dump ssl & non-ssl mixed stream. that's 
the part what I meant for troubleshooting.{quote}
From experience, dumping any ssl stream is a massive pain, so much so, that 
I've never even bothered to go through with it.

{quote}as my view, an additional port might make things clear and 
manageable.{quote}
So, I'm of the opposite view. For startTLS, the admin just needs to flick one 
switch to turn ssl on. It also will keep the identifier management much simpler 
for us on the development side.
                
> SSL support
> -----------
>
>                 Key: BOOKKEEPER-588
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-588
>             Project: Bookkeeper
>          Issue Type: Sub-task
>            Reporter: Ivan Kelly
>            Assignee: Ivan Kelly
>             Fix For: 4.3.0
>
>         Attachments: 0004-BOOKKEEPER-588-SSL-support-for-bookkeeper.patch
>
>
> SSL support using startTLS

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
