SSL support for zk client #40
Comments
|
Can you tell me a little bit more about the user case? As far as I know, most zookeeper clusters are secured within the private networks, SSL is less relevant in that setup. |
|
Also, currently the communication between zookeepers are still in plain text even you enable the ssl between client and server, which make the ssl support less relevant. |
|
You are right. Currently zookeeper does not support ssl over server-server communication. I think people are working on it and it might see the light of day in upcoming releases. One possible use case for ssl over server-client communication might be - when servers are within private networks and clients need to connect from outside to the cluster. |
|
The reason SSL is important is when setting up ACLs. SSL keys are then used for authentication. This isn't as much about socket level security as much as it is about authentication for zookeeper. See https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide for more details. |
|
Are there plans to enable SSL anytime soon? I would be up for contribution. From what I see, it should not require a lot of effort. |
Is there a plan to add ssl support for the client?
The text was updated successfully, but these errors were encountered: