mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-24 18:40:38 +00:00
280cd23c13
Fixes #18903 Adds a "transitional" internode encryption mode, under which all _outgoing_ RPC connections will use TLS, but we will still accept any incoming non-tls connection. This allows an operator to perform a move to TLS RPC without cluster downtime: 1. For each server, add certificate etc options to server_encryption_options + internode_encryption=none + set ssl_storage_port + restart (rolling) 2. For each server, set internode_encryption=transitional + RR 3. For each server, set internode_encryption=all + RR Closes scylladb/scylladb#18939 * github.com:scylladb/scylladb: test::topology: Add test for TLS upgrade and downgrade of internode encryption docs: Add internode_encryption=transitional documentation messaging_service: Add "transitional" internode encryptipn mode messaging_service: Create TLS connector even if internode_enc=none when certs set
