Security

Using TLS to secure data-in-transit TLS (Transport Layer Security) is an industry-standard cryptographic protocol to secure data over the wire between two computers. Typically, this is between a web server and a browser. It is a successor of SSL (Secure Socket Layer) protocol and many times you would notice SSL and TLS are used interchangeably by technologists for higher-level discussions. Here are some good guides for learning about TLS basics and understanding the TLS Handshake between client and server.

TLS requires the server to have an asymmetric key pair digital certificate. This enables the client to trust the server is what it claims to be, but the server will trust any client. In order to limit which clients the server trusts, you must provide the server with a similar certificate for each allowed client so the server can authenticate a client. This is also known as Client-TLS Auth, Two-way-SSL, Mutual-TLS, or mTLS (most commonly used) for short.

Apart from some higher level challenges with TLS, there are also operational challenges you will need to consider, which we will cover in Part 2. Next time, we will look at storing your private key and password, credential rotations, operations at scale, and how to configure TLS/mTLS on the server-side.

https://cassandra.apache.org/_/blog/Tightening-Security-for-Apache-Cassandra-Part-1.html