[jira] [Commented] (CASSANDRA-16362) SSLFactory should initialize SSLContext before setting protocols

Mon, 11 Jan 2021 05:10:26 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17262634#comment-17262634
 ] 

Alexander Dejanovski commented on CASSANDRA-16362:
--------------------------------------------------

[~jmeredithco], it's now failing earlier in the process as I can't get the 
Python CQL driver to connect to Cassandra when encryption is turned on. I've 
tried using TLS 1.1 and TLS 1.2 with the same result...
Previously we were failing later in the process as we could connect using the 
Python driver but failed at using the sstableloader.

Any idea of what could be preventing us from connecting with TLS 1.1 and 1.2 
when using the python driver?
Our implementation follows what's described in [this driver documentation 
page|https://docs.datastax.com/en/developer/python-driver/3.24/security/#ssl-configuration-examples].



> SSLFactory should initialize SSLContext before setting protocols
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-16362
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16362
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/bulk load
>            Reporter: Erik Merkle
>            Assignee: Jon Meredith
>            Priority: Normal
>             Fix For: 4.0-beta5
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Trying to use sstableloader from the latest trunk produced the following 
> Exception:
> {quote}
> Exception in thread "main" java.lang.RuntimeException: Could not create SSL 
> Context.
>       at 
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261)
>       at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64)
>       at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49)
> Caused by: java.io.IOException: Error creating/initializing the SSL Context
>       at 
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184)
>       at 
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257)
>       ... 2 more
> Caused by: java.lang.IllegalStateException: SSLContext is not initialized
>       at 
> sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208)
>       at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158)
>       at 
> javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184)
>       at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435)
>       at 
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178)
>       ... 3 more
> {quote}
> I believe this is because of a change to SSLFactory for CASSANDRA-13325 here:
> [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178]
>  
> I think the solution is to call {{ctx.init()}} before trying to call 
> {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the 
> link above.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to