Posted to user@cassandra.apache.org by Eric Ho <er...@analyticsmd.com> on 2016/09/02 22:44:49 UTC

What cipher suites are supported in Cassandra 3.7?

I'm trying to enable SSL (internode + client).
But I need to specify the suites but I don't know which ones are supported
by C*..
Any pointers much appreciated.
thx

-- 

-eric ho

Re: What cipher suites are supported in Cassandra 3.7?

Posted by Nate McCall <na...@thelastpickle.com>.
Your best bet is to use 256-bit AES via "TLS_RSA_WITH_AES_256_CBC_SHA" since
that is (usually) hardware accelerated on recent CPUs.

The security page on the docs site has a lot of good information:
http://cassandra.apache.org/doc/latest/operating/security.html

The above contains a link to the following that is worth calling out
directly based on your question:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html

If you want to know more about the implementation, the config eventually is
passed through Netty's io.netty.handler.ssl.SslHandler (
https://github.com/apache/cassandra/blob/cassandra-3.0/src/java/org/apache/cassandra/transport/Server.java#L367)
which is itself well documented regarding connection lifecycle:
https://netty.io/4.0/api/io/netty/handler/ssl/SslHandler.html


On Sat, Sep 3, 2016 at 10:44 AM, Eric Ho <er...@analyticsmd.com> wrote:
>
> I'm trying to enable SSL (internode + client).
> But I need to specify the suites but I don't know which ones are
> supported by C*..
> Any pointers much appreciated.
> thx
>
> --
>
> -eric ho
>



--
-----------------
Nate McCall
Wellington, NZ
@zznate

CTO
Apache Cassandra Consulting
http://www.thelastpickle.com
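
Added example, not part of the original thread or of Cassandra's code: a small Java program that answers the question for a given node by asking the JVM's JSSE provider which suites it supports and enables by default. It assumes Cassandra takes its TLS implementation from the JVM that runs it, as the JSSE link in the reply suggests; the class name CheckCipherSuites and the status labels are made up for this example.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;

// Added example: check requested TLS cipher suites against what this JVM offers.
// Run it with the same java binary that starts Cassandra.
public class CheckCipherSuites {

    // Classify one suite name against the JVM's supported and default-enabled sets.
    static String status(String suite, Set<String> supported, Set<String> enabled) {
        if (enabled.contains(suite)) return "enabled";
        if (supported.contains(suite)) return "supported-not-default";
        return "unsupported";
    }

    public static void main(String[] args) throws Exception {
        // Suites to check: command-line arguments, or the one named in the reply above.
        String[] wanted = args.length > 0 ? args
                : new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA"};

        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new TreeSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new TreeSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        // Some Java 8 builds ship a JCE policy that caps AES at 128 bits;
        // Integer.MAX_VALUE here means the unlimited policy is active.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("max AES key length = " + maxAes);

        boolean allUsable = true;
        for (String suite : wanted) {
            String st = status(suite, supported, enabled);
            if (st.equals("unsupported")) {
                allUsable = false;
                if (suite.contains("AES_256") && maxAes < 256) st += " (JCE policy limits AES)";
            }
            System.out.println(suite + " -> " + st);
        }
        // With no arguments, also list everything the JVM supports.
        if (args.length == 0) supported.forEach(s -> System.out.println("  supported: " + s));
        System.exit(allUsable ? 0 : 1); // non-zero exit if any requested suite is unusable
    }
}
```

Pass the names you intend to put in the cipher_suites lists in cassandra.yaml as arguments; a non-zero exit code means at least one of them is not available on that JVM.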