Description
In the 2.5.1 design for checkpointing, we use SSL for its communication only if we are using encryption-based XDCR. However, if we are not using XDCR encryption, we will use HTTP only (since this is how CAPI works). This implies that we are open to modification of checkpointing-related messages. If a customer does not use encryption, checkpointing will be vulnerable to attacks which lead to replication issues via XDCR.
The bug is to make checkpointing messaging secure to avoid attacks with/without XDCR encryption being used.
Please discuss and triage.