Honest to god, I do not know, Abe. If I see a feedback where we reach consensus to deprecate dual port support, I will deprecate that.
On Wed, Feb 7, 2024 at 12:42 PM Abe Ratnofsky <a...@aber.io> wrote: > CASSANDRA-9590 (Support for both encrypted and unencrypted native > transport connections) was implemented before CASSANDRA-10559 (Support > encrypted and plain traffic on the same port), but both been available > since 3.0. > > On 9590, STARTTLS was considered, but rejected due to the changes that > would be required to support it from all drivers. But the current server > implementation doesn't require STARTTLS: the client is expected to send the > first message over the connection, so the server can just check if that > message is encrypted > <https://github.com/netty/netty/blob/5d452bc8673721b3caa44c727785e7327ac860b5/handler/src/main/java/io/netty/handler/ssl/SslHandler.java#L1289>, > and then enable the Netty pipeline's SslHandler > <https://github.com/apache/cassandra/blob/1a971dab7ee91a610d037b97ff5808cda7ed0b25/src/java/org/apache/cassandra/transport/PipelineConfigurator.java#L186> > . > > The implementation in 10559 is compatible with existing clients, and is > already used widely. Are there any reasons for users to stick with > dual-native-port rather than a single port that supports both encrypted and > unencrypted traffic? >
