Re: Remote host closed connection during handshake SSL Cassandra 3.0.9
Hi Marcus >java version ? We use oracle-java8-jre the version 8u92. >TLSv1 disabled ? No it is not disable. We tried also with the version 1.2 Saludos Jean Carlo "The best way to predict the future is to invent it" Alan Kay On Wed, Jan 31, 2018 at 12:11 PM, Marcus Haarmann <marcus.haarm...@midoco.de > wrote: > java version ? TLSv1 disabled ? (TLSv1 should not be used any more, since > it is outdated, but should work internally) > > Marcus Haarmann > > -- > *Von: *"Jean Carlo" <jean.jeancar...@gmail.com> > *An: *user@cassandra.apache.org > *Gesendet: *Mittwoch, 31. Januar 2018 11:53:37 > *Betreff: *Remote host closed connection during handshake SSL Cassandra > 3.0.9 > > Hello! > > I have a problem enabling inter-node encryption in cassandra 3.0.9 > > After I set my conf like that: > > server_encryption_options: > internode_encryption: all > keystore: /etc/certs/node1.keystore > keystore_password: cassandra > truststore: /etc/certs/node1.truststore > truststore_password: cassandra > # More advanced defaults below: > protocol: *TLSv1* > # algorithm: SunX509 > # store_type: JKS > cipher_suites: [*TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*] > # require_client_auth: false > > I got this error all the time > > ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - > SSL handshake error for inbound connection from > a8265dd[SSL_NULL_WITH_NULL_NULL: > Socket[addr=/node2,port=40352,localport=7001]] > javax.net.ssl.SSLHandshakeException: Remote host closed connection during > handshake > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) > ~[na:1.8.0_92] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) > ~[na:1.8.0_92] > at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) > ~[na:1.8.0_92] > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) > ~[na:1.8.0_92] > at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) > ~[na:1.8.0_92] > at java.io.DataInputStream.readInt(DataInputStream.java:387) > ~[na:1.8.0_92] > at org.apache.cassandra.net.MessagingService$SocketThread. > run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9] > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at sun.security.ssl.InputRecord.read(InputRecord.java:505) > ~[na:1.8.0_92] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) > ~[na:1.8.0_92] > ... 6 common frames omitted > > > I think I tested the correctness of my certs using the command openssl > s_client ( or at least I think I did) > > user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1 > CONNECTED(0003) > ... > SSL-Session: > Protocol : *TLSv1* > Cipher: *ECDHE-RSA-AES256-SHA* > ... > > So it seems I am using the right configuration but still having the 'SSL > peer shut down incorrectly' error. Anyone have had this error before? > > best greetings > > Jean Carlo > > "The best way to predict the future is to invent it" Alan Kay > >
Re: Remote host closed connection during handshake SSL Cassandra 3.0.9
java version ? TLSv1 disabled ? (TLSv1 should not be used any more, since it is outdated, but should work internally) Marcus Haarmann Von: "Jean Carlo" <jean.jeancar...@gmail.com> An: user@cassandra.apache.org Gesendet: Mittwoch, 31. Januar 2018 11:53:37 Betreff: Remote host closed connection during handshake SSL Cassandra 3.0.9 Hello! I have a problem enabling inter-node encryption in cassandra 3.0.9 After I set my conf like that: server_encryption_options: internode_encryption: all keystore: /etc/certs/node1.keystore keystore_password: cassandra truststore: /etc/certs/node1.truststore truststore_password: cassandra # More advanced defaults below: protocol: TLSv1 # algorithm: SunX509 # store_type: JKS cipher_suites: [ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ] # require_client_auth: false I got this error all the time ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - SSL handshake error for inbound connection from a8265dd[SSL_NULL_WITH_NULL_NULL: Socket[addr=/node2,port=40352,localport=7001]] javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) ~[na:1.8.0_92] at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_92] at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) ~[na:1.8.0_92] at java.io.DataInputStream.readInt(DataInputStream.java:387) ~[na:1.8.0_92] at org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9] Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[na:1.8.0_92] ... 6 common frames omitted I think I tested the correctness of my certs using the command openssl s_client ( or at least I think I did) user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1 CONNECTED(0003) ... SSL-Session: Protocol : TLSv1 Cipher : ECDHE-RSA-AES256-SHA ... So it seems I am using the right configuration but still having the 'SSL peer shut down incorrectly' error. Anyone have had this error before? best greetings Jean Carlo "The best way to predict the future is to invent it" Alan Kay
Remote host closed connection during handshake SSL Cassandra 3.0.9
Hello! I have a problem enabling inter-node encryption in cassandra 3.0.9 After I set my conf like that: server_encryption_options: internode_encryption: all keystore: /etc/certs/node1.keystore keystore_password: cassandra truststore: /etc/certs/node1.truststore truststore_password: cassandra # More advanced defaults below: protocol: *TLSv1* # algorithm: SunX509 # store_type: JKS cipher_suites: [*TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*] # require_client_auth: false I got this error all the time ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - SSL handshake error for inbound connection from a8265dd[SSL_NULL_WITH_NULL_NULL: Socket[addr=/node2,port=40352,localport=7001]] javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) ~[na:1.8.0_92] at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_92] at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) ~[na:1.8.0_92] at java.io.DataInputStream.readInt(DataInputStream.java:387) ~[na:1.8.0_92] at org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9] Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[na:1.8.0_92] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[na:1.8.0_92] ... 6 common frames omitted I think I tested the correctness of my certs using the command openssl s_client ( or at least I think I did) user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1 CONNECTED(0003) ... SSL-Session: Protocol : *TLSv1* Cipher: *ECDHE-RSA-AES256-SHA* ... So it seems I am using the right configuration but still having the 'SSL peer shut down incorrectly' error. Anyone have had this error before? best greetings Jean Carlo "The best way to predict the future is to invent it" Alan Kay