Reputation: 876
I have successfully set up node-to-node and client-to-node encryption with Cassandra 3.3, including the cqlsh configuration. My questions are about how it all actually works.
In both cases I need to provide a key-certificate for each actor (node and client). Is this used for encryption or authentication? I strongly expect it is used for authentication only, then a symmetric key is generated for encryption. Is this right? In client-to-node encryption I notice that both the nodes and the clients need a key-certificate, so I assume the exchange is not only server-authenticated but also client-authenticated. Is this correct?
Note: In the above I use "authentication" to mean that the actors can trust each other, not that they know the details of each other's identity. This is totally separate from how Cassandra authenticates users.
I am asking these questions because I am thinking about using a unique self-signed certificate on all the nodes for node-to-node encryption, and another unique self-signed certificate for client-to-node encryption. If my understanding is correct this would not compromise encryption. Is this right?
Upvotes: 3
Views: 771
Reputation: 5249
Creating certificates is only mandatory for node-to-node communication. Each SSL server needs to have its own private key to ensure that all communication can only be read by the server. The public certificate created along with the key will be used to authenticate the server. This is important for Cassandra nodes to avoid man-in-the-middle attacks and is implemented by checking if certificates can be authenticated through the local node's truststore.
As for client-to-node communication, authentication is optional and you don't need to create any certificate at all if you don't enable require_client_auth. In this case the SSL key will be created transparently, just as if you connect from your browser to an SSL-protected website. The question of whether you should enable client authentication depends on whether you're going to use user logins in Cassandra or plan to use anonymous logins. In case you're using the internal Cassandra authentication process using a username and password, there's little use to also enable SSL authentication.
> I am asking these questions because I am thinking about using a unique self-signed certificate on all the nodes for node-to-node encryption, and another unique self-signed certificate for client-to-node encryption.
If you're comfortable creating a unique self-signed cert for each node and adding it to each node's truststore, just go for it. It's probably the simplest and safest way to handle this, but will be very inconvenient for large clusters. An alternative option would be to establish trust through a common CA for all your nodes. This will avoid having to import all self-signed certs to each truststore. Using a CA will make it easier to add nodes to your cluster, but also requires establishing a way to sign new certificates safely using the CA.
Upvotes: 2
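Added example, not part of the original posts: a cassandra.yaml fragment (Cassandra 3.x key names) showing where the keystore, truststore and require_client_auth settings discussed above live for both connection types. File paths and passwords are placeholders chosen for illustration.

```yaml
# Node-to-node: every node acts as TLS server and as TLS client towards its peers.
server_encryption_options:
    internode_encryption: all          # one of: none | all | dc | rack
    # This node's own private key and certificate.
    keystore: /etc/cassandra/conf/node.keystore          # placeholder path
    keystore_password: CHANGEME-keystore-password        # placeholder
    # Certificates this node accepts from peers: either every node's
    # self-signed certificate, or the single CA certificate that signed them.
    truststore: /etc/cassandra/conf/cluster.truststore   # placeholder path
    truststore_password: CHANGEME-truststore-password    # placeholder
    # true: the connecting node must also present a certificate that
    # validates against the truststore (mutual authentication).
    require_client_auth: true

# Client-to-node, server-authenticated only: clients (cqlsh, drivers)
# need no key or certificate of their own, only a way to trust the node.
client_encryption_options:
    enabled: true
    optional: false                    # true would also accept unencrypted clients
    keystore: /etc/cassandra/conf/node.keystore          # placeholder path
    keystore_password: CHANGEME-keystore-password        # placeholder
    require_client_auth: false

# Client-to-node, mutually authenticated: replace the block above with this
# one (kept commented out here because a YAML key may appear only once).
# Each client then needs its own key and certificate, and the node needs a
# truststore that validates them.
# client_encryption_options:
#     enabled: true
#     optional: false
#     keystore: /etc/cassandra/conf/node.keystore
#     keystore_password: CHANGEME-keystore-password
#     require_client_auth: true
#     truststore: /etc/cassandra/conf/clients.truststore
#     truststore_password: CHANGEME-truststore-password

# In every variant the keys and certificates serve the TLS handshake
# (authentication and key agreement); the traffic itself is encrypted with
# symmetric session keys negotiated per connection.
```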