Posted to user@cassandra.apache.org by Jean Carlo <je...@gmail.com> on 2018/01/31 10:53:37 UTC

Remote host closed connection during handshake SSL Cassandra 3.0.9

Hello!

I have a problem enabling inter-node encryption in Cassandra 3.0.9.

After I set my conf like that:

server_encryption_options:
    internode_encryption: all
    keystore: /etc/certs/node1.keystore
    keystore_password: cassandra
    truststore: /etc/certs/node1.truststore
    truststore_password: cassandra
    # More advanced defaults below:
    protocol: TLSv1
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false

I got this error all the time

ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - SSL handshake error for inbound connection from a8265dd[SSL_NULL_WITH_NULL_NULL: Socket[addr=/node2,port=40352,localport=7001]]
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) ~[na:1.8.0_92]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_92]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) ~[na:1.8.0_92]
    at java.io.DataInputStream.readInt(DataInputStream.java:387) ~[na:1.8.0_92]
    at org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[na:1.8.0_92]
    ... 6 common frames omitted


I think I tested the correctness of my certs using the command openssl
s_client (or at least I think I did)

user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1
CONNECTED(00000003)
...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
...

So it seems I am using the right configuration but I am still getting the 'SSL
peer shut down incorrectly' error. Has anyone had this error before?

best greetings

Jean Carlo

"The best way to predict the future is to invent it" Alan Kay
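
Added example (not part of the original post, and not Cassandra code): a small Python triage of the handshake error above that unfolds the wrapped log entry and reports which node dropped the connection and in which direction the failing connection ran. The sample is abridged from the log in the post; the function names and hint wording are this example's own.

```python
import re

# Sample input: the log entry from the post, abridged, folded as the archive wraps it.
SAMPLE = """\
ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 -
SSL handshake error for inbound connection from
a8265dd[SSL_NULL_WITH_NULL_NULL:
Socket[addr=/node2,port=40352,localport=7001]]
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
~[na:1.8.0_92]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
"""

HEAD = re.compile(
    r"\[ACCEPT-/(?P<listener>[^\]]+)\] (?P<when>\S+ \S+) .*?"
    r"SSL handshake error for inbound connection from \w+\[(?P<suite>\w+): "
    r"Socket\[addr=/(?P<peer>[^,]+),port=\d+,localport=(?P<port>\d+)\]\]")
EXC = re.compile(r"(?P<cls>[\w.$]+Exception): (?P<msg>.*?)(?= at |$)")

def parse_handshake_errors(log_text):
    """Return one dict per 'SSL handshake error' entry, tolerating folded lines."""
    found = []
    # Split at the start of each log record, then undo the mail-client wrapping.
    for record in re.split(r"(?m)^(?=(?:ERROR|WARN|INFO|DEBUG) \[)", log_text):
        flat = " ".join(record.split())
        head = HEAD.search(flat)
        if head:
            entry = head.groupdict()
            entry["exceptions"] = [(m["cls"], m["msg"]) for m in EXC.finditer(flat)]
            found.append(entry)
    return found

def triage(entry):
    """Triage hints (this example's own heuristics, not Cassandra output)."""
    hints = []
    if entry["suite"] == "SSL_NULL_WITH_NULL_NULL":
        # JSSE reports this placeholder suite until a handshake has completed.
        hints.append("handshake never completed: no cipher suite was negotiated")
    if any("closed connection" in m or "shut down" in m for _, m in entry["exceptions"]):
        hints.append(f"{entry['peer']} closed the socket without a TLS alert: "
                     f"check the log on {entry['peer']}")
    hints.append(f"failing direction: {entry['peer']} -> {entry['listener']}:{entry['port']}")
    return hints

if __name__ == "__main__":
    for e in parse_handshake_errors(SAMPLE):
        print(e["when"], *triage(e), sep="\n  ")
```

The logged failure is a connection from node2 into node1, while the openssl s_client test ran from node1 to node2. s_client also continues past a certificate verification error by default, so a completed session there does not show that either node's truststore accepts the other's certificate.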

Re: Remote host closed connection during handshake SSL Cassandra 3.0.9

Posted by Jean Carlo <je...@gmail.com>.
Hi Marcus

>java version ?
We use oracle-java8-jre, version 8u92.


>TLSv1 disabled ?
No, it is not disabled. We also tried with version 1.2.

Regards

Jean Carlo

"The best way to predict the future is to invent it" Alan Kay

On Wed, Jan 31, 2018 at 12:11 PM, Marcus Haarmann <marcus.haarmann@midoco.de> wrote:

> java version ? TLSv1 disabled ? (TLSv1 should not be used any more, since
> it is outdated, but should work internally)
>
> Marcus Haarmann

Re: Remote host closed connection during handshake SSL Cassandra 3.0.9

Posted by Marcus Haarmann <ma...@midoco.de>.
Java version? TLSv1 disabled? (TLSv1 should not be used any more, since it is outdated, but should work internally)

Marcus Haarmann 

