You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by Bulat Shakirzyanov <ma...@gmail.com> on 2014/09/26 17:57:59 UTC

Re: How to setup Cassandra client-to-node encryption

Hi,

You need to install JCE -
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Bulat

On Sep 26, 2014, at 7:58, "Lu, Boying" <Bo...@emc.com> wrote:

Hi, All,



I use the following configuration (in yaml file) to enable the
client-to-node encryption:

client_encryption_options:

    enabled: true

    keystore: path-to-keystore-file

    keystore_password: some-password

    truststore: path-to-truststore-file

truststore_password: some-password



But when Cassandra starts, I got following error:

Caused by: org.apache.thrift.transport.TTransportException: Could not bind
to port 9160

        at
org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)

        at
org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)

        at
org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)

        ... 6 more

Caused by: java.lang.IllegalArgumentException: Cannot support
TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers

        at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)

        at
sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)

        at
org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)

        ... 8 more



Does anyone know the root cause?



Thanks a lot.



Boying

RE: How to setup Cassandra client-to-node encryption

Posted by "Lu, Boying" <Bo...@emc.com>.

Thanks a lot.  I’ll try it.

From: Bulat Shakirzyanov [mailto:mallluhuct@gmail.com]
Sent: 2014年9月26日 23:58
To: user@cassandra.apache.org
Subject: Re: How to setup Cassandra client-to-node encryption

Hi,

You need to install JCE - http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Bulat

On Sep 26, 2014, at 7:58, "Lu, Boying" <Bo...@emc.com>> wrote:
Hi, All,

I use the following configuration (in yaml file) to enable the client-to-node encryption:
client_encryption_options:
    enabled: true
    keystore: path-to-keystore-file
    keystore_password: some-password
    truststore: path-to-truststore-file
truststore_password: some-password

But when Cassandra starts, I got following error:
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
        at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
        at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
        at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
        ... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers
        at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
        at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
        at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
        ... 8 more

Does anyone know the root cause?

Thanks a lot.

Boying