Haven't personally followed this but give it a go:
http://lyubent.github.io/security/planetcassandra/2013/05/31/ssl-for-astyanax.html
On 8 October 2014 20:46, Lu, Boying boying...@emc.com wrote:
Hi, All,
I’m trying to enable client-to-node encrypted communication in Cassandra
(2.0.7) with the Astyanax client library (version=1.56.48).
I found the links about how to enable this feature:
http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureSSLClientToNode_t.html
But this only says how to set it up on the server side, not on the client
side.
Here is my configuration on the server side (in yaml):
client_encryption_options:
    enabled: true
    keystore: full-path-to-keystore-file  # same file used by Cassandra server
    keystore_password: some-password
    truststore: fullpath-to-truststore-file  # same file used by Cassandra server
    truststore_password: some-password
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
    require_client_auth: true
http://www.datastax.com/dev/blog/accessing-secure-dse-clusters-with-cql-native-protocol
This link says something about client side, but not how to do it with the
Astyanax client library.
Searching the Astyanax source code, I found the class
SSLConnectionContext, which may be useful.
And here is my code snippet:
AstyanaxContext<Cluster> clusterContext = new AstyanaxContext.Builder()
        .forCluster(clusterName)
        .forKeyspace(keyspaceName)
        .withAstyanaxConfiguration(new AstyanaxConfigurationImpl()
                .setRetryPolicy(new QueryRetryPolicy(10, 1000)))
        .withConnectionPoolConfiguration(new ConnectionPoolConfigurationImpl(_clusterName)
                .setMaxConnsPerHost(1)
                .setAuthenticationCredentials(credentials)
                .setSSLConnectionContext(sslContext)  // the SSL setting (emphasized in the original mail)
                .setSeeds(String.format("%1$s:%2$d", uri.getHost(), uri.getPort()))
        )
        .buildCluster(ThriftFamilyFactory.getInstance());
But when I tried to connect to the Cassandra server, I got the following error:
Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:161)
    at org.apache.thrift.transport.TFramedTransport.flush(TFramedTransport.java:158)
    at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:65)
    at org.apache.cassandra.thrift.Cassandra$Client.send_login(Cassandra.java:567)
    at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:559)
    at com.netflix.astyanax.thrift.ThriftSyncConnectionFactoryImpl$ThriftConnection.open(ThriftSyncConnectionFactoryImpl.java:203)
    ... 6 more
It looks like my SSL settings are incorrect.
Does anyone know how to resolve this issue?
Thanks
Boying
--
Ben Bromhead
Instaclustr | www.instaclustr.com | @instaclustr
http://twitter.com/instaclustr | +61 415 936 359
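
A way to check the handshake outside Astyanax, as an added example that is not part of the original thread and not Astyanax code: it uses only JDK classes to present the keystore, truststore and cipher suite from the server YAML above to the client port. The class name ClientTlsCheck and the command-line arguments are assumptions, and the keystore is assumed to use one password for the store and its key.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ClientTlsCheck {  // hypothetical name, JDK classes only

    // Load a JKS store, matching "store_type: JKS" in the server YAML.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // The keystore supplies the client certificate that require_client_auth asks for;
    // the truststore decides whether the server's certificate is accepted.
    static SSLContext buildContext(String ksPath, char[] ksPw, String tsPath, char[] tsPw)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(loadJks(ksPath, ksPw), ksPw);  // assumes key password == store password
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(tsPath, tsPw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java ClientTlsCheck <host> <port> <keystore> <ks-pw> <truststore> <ts-pw>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext(args[2], args[3].toCharArray(), args[4], args[5].toCharArray());
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            // Offer only the suite listed under cipher_suites on the server.
            socket.setEnabledCipherSuites(new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
            socket.startHandshake();  // throws SSLHandshakeException if the handshake fails
            SSLSession session = socket.getSession();
            Certificate[] sent = session.getLocalCertificates();  // null if no client cert was sent
            System.out.println("protocol=" + session.getProtocol()
                    + " suite=" + session.getCipherSuite()
                    + " clientCertSent=" + (sent != null));
        }
    }
}
```

Running it with -Djavax.net.debug=ssl,handshake prints each handshake message, which shows the step at which the server closes the connection.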