How to setup Cassandra client-to-node encryption

2014-09-26 Thread Lu, Boying
Hi, All,

I use the following configuration (in yaml file) to enable the client-to-node 
encryption:
client_encryption_options:
    enabled: true
    keystore: path-to-keystore-file
    keystore_password: some-password
    truststore: path-to-truststore-file
    truststore_password: some-password

But when Cassandra starts, I got the following error:
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
    at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
    ... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers
    at sun.security.ssl.CipherSuiteList.init(CipherSuiteList.java:92)
    at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
    ... 8 more

Does anyone know the root cause?

Thanks a lot.

Boying



Re: How to setup Cassandra client-to-node encryption

2014-09-26 Thread Bulat Shakirzyanov
Hi,

You need to install JCE -
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Bulat
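
Added example, not part of the original thread or of Cassandra: a small Java check for the condition behind the error above. It reports whether the JVM's JCE policy allows 256-bit AES and whether the cipher suite from the stack trace is available; the class name JcePolicyCheck is hypothetical, and the check is only meaningful when run with the same java binary that starts Cassandra.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Hypothetical diagnostic class (added example, not from the thread).
public class JcePolicyCheck {
    // Cipher suite named in the IllegalArgumentException in the stack trace.
    static final String SUITE = "TLS_RSA_WITH_AES_256_CBC_SHA";

    /** Maximum AES key length the installed JCE policy permits.
     *  128 under the limited policy, Integer.MAX_VALUE when unlimited. */
    static int maxAesKeyBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /** True when the default JSSE context can offer the given suite on this JVM. */
    static boolean suiteSupported(String suite) throws Exception {
        String[] supported = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        return Arrays.asList(supported).contains(suite);
    }

    public static void main(String[] args) throws Exception {
        String suite = args.length > 0 ? args[0] : SUITE;
        int bits = maxAesKeyBits();
        boolean supported = suiteSupported(suite);

        // The policy files are per-JRE, so print which runtime was checked.
        System.out.println("java.version : " + System.getProperty("java.version"));
        System.out.println("java.home    : " + System.getProperty("java.home"));
        System.out.println("max AES bits : "
                + (bits == Integer.MAX_VALUE ? "unlimited" : String.valueOf(bits)));
        System.out.println(suite + " supported: " + supported);

        if (bits < 256) {
            System.err.println("JCE policy limits AES to " + bits
                    + " bits; AES-256 suites cannot be enabled on this JVM.");
            System.exit(1);
        }
        if (!supported) {
            System.err.println("Policy allows AES-256 but the suite is not offered"
                    + " by the default JSSE provider.");
            System.exit(2);
        }
        System.out.println("OK: this JVM can enable " + suite);
    }
}
```

Exit status 1 corresponds to the situation in this thread; after the policy files are installed into the java.home printed above, the same run should end with the OK line.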



RE: How to setup Cassandra client-to-node encryption

2014-09-26 Thread Lu, Boying
Thanks a lot.  I’ll try it.
