> I am using internode encryption in Cassandra. With a self-signed CA it
> works fine, but with another product's CA I am getting this error: "Filtering out
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it
> isnt supported by the socket"

You've specified ECDHE_RSA as the cipher. This is a new-ish cipher based on
elliptic curve cryptography and it may not be available to some
distributions. Run "openssl ciphers ECDH" on the node and the client to
ensure they both support that algorithm (my guess is one or the other
won't).

This article provides an excellent description of ECDH:
https://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html#diffie-hellman-with-elliptic-curves

Unless you have a specific requirement, use "TLS_RSA_WITH_AES_256_CBC_SHA".

--
-----------------
Nate McCall
Wellington, NZ
@zznate

CTO
Apache Cassandra Consulting
http://www.thelastpickle.com
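
The error quoted in this thread says the suites were dropped because the socket does not support them. The following is an added example, not part of the original messages and not Cassandra's own code: it asks a Java runtime's default TLS server socket factory which of the suites named in this thread it supports. The class name CipherSuiteCheck is hypothetical, and it assumes you run it with the same Java runtime that starts the Cassandra node.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class name), not Cassandra's own code.
public class CipherSuiteCheck {
    // Suites named in this thread; pass other names as command-line arguments.
    static final String[] PAGE_SUITES = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA"
    };

    public static void main(String[] args) {
        String[] wanted = args.length > 0 ? args : PAGE_SUITES;
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Everything the runtime can negotiate vs. what it turns on by default.
        Set<String> supported =
            new LinkedHashSet<>(Arrays.asList(factory.getSupportedCipherSuites()));
        Set<String> enabled =
            new LinkedHashSet<>(Arrays.asList(factory.getDefaultCipherSuites()));

        // Print which runtime answered, so results from two nodes can be compared.
        System.out.println("java.version=" + System.getProperty("java.version")
            + " java.home=" + System.getProperty("java.home"));

        int missing = 0;
        for (String suite : wanted) {
            String state;
            if (enabled.contains(suite)) {
                state = "supported, enabled by default";
            } else if (supported.contains(suite)) {
                state = "supported, not enabled by default";
            } else {
                state = "NOT supported by this JVM";
                missing++;
            }
            System.out.printf("%-45s %s%n", suite, state);
        }
        // Non-zero exit code when any requested suite is unavailable.
        System.exit(missing == 0 ? 0 : 1);
    }
}
```

Run it on each node and compare the output; a suite reported as not supported on one node is a candidate for the one being filtered out.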
