[ClusterLabs] corosync 2.4.4 version provide secure the communication by default

Jan Friesse jfriesse at redhat.com
Mon Mar 27 03:34:00 EDT 2023


On 26/03/2023 12:42, S Sathish S wrote:
> Hi Jan,
> 

Hi,

> In Corosync, in which scenarios does it send cpg messages, and what is the impact if we do not secure communication?

It really depends on what services are used, but generally speaking 
corosync without cpg is not super useful so I guess cpg is probably used...

> 
> 
>    1.  Any outsider attacker can manipulate the system using unencrypted communication.

yes

>    2.  Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure? if not then any other sensitive data transferred via corosync communication.

Not sure I understand the question - but in general modifying corosync 
messages can lead to huge problems. If an attacker can really change 
messages it's super easy to change membership, make it unstable, ... 
it's not really just about changing the content of cpg data.

What is the point to turn off encryption?

Regards,
   Honza

> 
> Thanks and Regards,
> S Sathish S
> 
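
Added example, not part of the thread and not ClusterLabs code: a small check that reads the totem section of a corosync.conf and reports whether cluster traffic is authenticated and encrypted. The function names and both sample configs are constructed; the defaults it applies (crypto_cipher and crypto_hash are none unless set, secauth: on selects aes256 with sha1) are an assumption taken from corosync.conf(5) for corosync 2.x.

```python
import re

# Constructed sample configs, not taken from the thread.
WEAK_CONF = """\
totem {
    cluster_name: demo
    interface {
        bindnetaddr: 192.0.2.0
    }
}
"""
HARDENED_CONF = """\
totem {
    cluster_name: demo
    crypto_cipher: aes256
    crypto_hash: sha256
}
"""

def totem_options(text):
    """Return the options set directly inside the totem { } section."""
    stack, opts = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"(\w+)\s*\{$", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif ":" in line and stack == ["totem"]:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip().lower()
    return opts

def audit(text):
    """Report whether totem traffic is authenticated and encrypted."""
    opts = totem_options(text)
    # Assumption (corosync 2.x): both options default to none, and the
    # deprecated secauth: on selects aes256 + sha1 unless overridden.
    legacy = opts.get("secauth", "off") == "on"
    cipher = opts.get("crypto_cipher", "aes256" if legacy else "none")
    digest = opts.get("crypto_hash", "sha1" if legacy else "none")
    return {"authenticated": digest != "none", "encrypted": cipher != "none"}

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```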


