You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "jahar (JIRA)" <ji...@apache.org> on 2018/06/18 07:27:00 UTC

[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption

    [ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16515426#comment-16515426 ] 

jahar commented on CASSANDRA-10735:
-----------------------------------

Hi,

I just followed the instructions given on [https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/] to use NettySSLOptions, but getting _com.datastax.driver.core.exceptions.NoHostAvailableException._ 

My .crt and private key and certificates are ok as I have verified them using OpenSSL. Tried a lot but not able to find the root cause. 

JdkSSLOptions is working fine but when I use the SSLOptions it fails. This is what I am using in code:

 

            _KeyStore ks = KeyStore.getInstance("JKS");_
            _trustStore = new FileInputStream(theTrustStorePath);_
            _ks.load(trustStore, theTrustStorePassword.toCharArray());_
            _TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());_
            _tmf.init(ks);_
            _SslContextBuilder builder =_
                    _SslContextBuilder.forClient()_
                            _.sslProvider(SslProvider.OPENSSL)_
                            _.trustManager(tmf)_
                            _.ciphers(theCipherSuites)//_
                            _.keyManager(new File("mycert.pem"),_
                                    _new File("mykey.pem"));_
            _SSLOptions sslOptions = new NettySSLOptions(builder.build());_
            _return sslOptions;_

 

This throws exception _mySession = myCluster.connect();_

Any idea or suggestions please.....

> Support netty openssl (netty-tcnative) for client encryption
> ------------------------------------------------------------
>
>                 Key: CASSANDRA-10735
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Andy Tolbert
>            Assignee: Jason Brown
>            Priority: Major
>             Fix For: 4.0
>
>         Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a very measured improvement (numbers incoming on that ticket).   It seems likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be made the default, but rather be an option that one can use.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org