Differences between revisions 2 and 3
Revision 2 as of 2011-11-11 20:32:16
Size: 2006
Editor: 46
Comment: Added details from cassandra.yaml, and mention of inter-rack encryption
Revision 3 as of 2013-11-14 21:47:15
Size: 2067
Editor: 107
Comment: statcounter


Inter-node encryption uses standard TLS/SSL to authenticate and encrypt messages between nodes, to protect data in transit between nodes, and to prevent unauthorized access to/control of nodes.

Encryption can be applied to all inter-node messages, just messages crossing from one rack to another, or just messages crossing from one datacenter to another.

This page needs fleshing out... skeleton instructions from https://issues.apache.org/jira/browse/CASSANDRA-3051 are:

  1. follow the steps for generating a keystore and a trust store here: http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

  2. plug those files into encryption_options in cassandra.yaml

  3. make sure encryption_options.internode_encryption = all in the yaml.

See the section at the bottom of conf/cassandra.yaml:

# Enable or disable inter-node encryption
# Default settings are TLS v1, RSA 1024-bit keys (it is imperative that
# users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher
# suite for authentication, key exchange and encryption of the actual data transfers.
# NOTE: No custom encryption options are enabled at the moment
# The available internode options are : all, none, dc, rack
# If set to dc cassandra will encrypt the traffic between the DCs
# If set to rack cassandra will encrypt the traffic between the racks
# The passwords used in these options must match the passwords used when generating
# the keystore and truststore.  For instructions on generating these files, see:
# http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
encryption_options:
    internode_encryption: none
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra
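
A pre-deployment check for the settings above, added here as an example (it is not code from Cassandra or from the original page): it reads the encryption_options block and reports a disabled or partial internode_encryption mode and passwords left at the shipped value. The sample input, the other_setting key and the function names are constructed for illustration, and a missing key is assumed to behave like the stock value shown above.

```python
import re

# Constructed sample input, modelled on the conf/cassandra.yaml section above.
SAMPLE_YAML = """\
encryption_options:
    internode_encryption: dc
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: s3parate-Value   # constructed value
other_setting: 1
"""

def parse_encryption_options(text):
    """Return the key/value pairs nested under encryption_options."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():               # a top-level key opens or closes the block
            inside = line.startswith("encryption_options:")
            continue
        m = re.match(r"\s+(\w+):\s*(.*)$", line) if inside else None
        if m:
            opts[m.group(1)] = m.group(2).strip("'\"")
    return opts

def audit(opts):
    """Return a list of findings for an encryption_options mapping."""
    # Assumption: an absent key falls back to the stock value shown on this page.
    findings = []
    mode = opts.get("internode_encryption", "none")
    if mode == "none":
        findings.append("internode_encryption is none: all inter-node traffic is plaintext")
    elif mode in ("dc", "rack"):
        scope = "datacenter" if mode == "dc" else "rack"
        findings.append(f"internode_encryption is {mode}: traffic inside a {scope} stays plaintext")
    elif mode != "all":
        findings.append(f"unknown internode_encryption value: {mode}")
    for key in ("keystore_password", "truststore_password"):
        if opts.get(key, "cassandra") == "cassandra":
            findings.append(f"{key} is the shipped default")
    for key in ("keystore", "truststore"):
        if key not in opts:
            findings.append(f"{key} path is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_encryption_options(SAMPLE_YAML))))
```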

See also SimpleAuthenticator for details of the authentication of Thrift clients (rather than between nodes).


InternodeEncryption (last edited 2013-11-14 21:47:15 by 107)