[Openstack] [swift] Can replication and proxy-to-storage communication be encrypted?
Mark Kirkwood
mark.kirkwood at catalyst.net.nz
Thu Mar 31 01:50:39 UTC 2016
Hi,
I'm looking at configuring a multi region cluster, and am thinking about
what type of encryption is needed for inter region traffic, and where
this needs to be done (e.g VPN or swift encrypting its own communication).
My quick scan of the code seems[1] to point to internal communication
being http only - but I'm asking in case I've missed something!
regards
Mark
[1]
Examining files in swift/obj,proxy,common it looks like proxy-to-storage
(and storage-to-storage) communication is always unencrypted (i.e
common/bufferedhttp:http_connect is called without ssl set).
Also looking at swift/obj/ssync_sender.py it seems to me that
replication is not encrypted either.
More information about the Openstack
mailing list