You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "jahar (JIRA)" <ji...@apache.org> on 2018/06/18 07:27:00 UTC
[jira] [Commented] (CASSANDRA-10735) Support netty openssl
(netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16515426#comment-16515426 ]
jahar commented on CASSANDRA-10735:
-----------------------------------
Hi,
I just followed the instructions given on [https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/] to use NettySSLOptions, but getting _com.datastax.driver.core.exceptions.NoHostAvailableException._
My .crt and private key and certificates are ok as I have verified them using OpenSSL. Tried a lot but not able to find the root cause.
JdkSSLOptions is working fine but when I use the SSLOptions it fails. This is what I am using in code:
_KeyStore ks = KeyStore.getInstance("JKS");_
_trustStore = new FileInputStream(theTrustStorePath);_
_ks.load(trustStore, theTrustStorePassword.toCharArray());_
_TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());_
_tmf.init(ks);_
_SslContextBuilder builder =_
_SslContextBuilder.forClient()_
_.sslProvider(SslProvider.OPENSSL)_
_.trustManager(tmf)_
_.ciphers(theCipherSuites)//_
_.keyManager(new File("mycert.pem"),_
_new File("mykey.pem"));_
_SSLOptions sslOptions = new NettySSLOptions(builder.build());_
_return sslOptions;_
This throws exception _mySession = myCluster.connect();_
Any idea or suggestions please.....
> Support netty openssl (netty-tcnative) for client encryption
> ------------------------------------------------------------
>
> Key: CASSANDRA-10735
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Andy Tolbert
> Assignee: Jason Brown
> Priority: Major
> Fix For: 4.0
>
> Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a very measured improvement (numbers incoming on that ticket). It seems likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be made the default, but rather be an option that one can use.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org