[
https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095317#comment-14095317
]
Marcus Eriksson commented on CASSANDRA-7585:
--------------------------------------------
Small comments:
* Could we make it possible to state the server_encryption_options on the
command line as well as via the config? The command will look horrible, but I
think it makes it easier for people to script stuff instead of having to ship a
.yaml file.
* Perhaps highlight in the 'help'-output what the difference is between the two
encryption settings.
* We can remove the 'peer'-parameter in StreamSession.createConnection (we are
creating a connection for the session, and session knows the peer already).

Other than that, +1
> cassandra sstableloader connection refused with inter_node_encryption
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-7585
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7585
> Project: Cassandra
> Issue Type: Bug
> Components: Core, Tools
> Reporter: Samphel Norden
> Assignee: Yuki Morishita
> Fix For: 2.0.10, 2.1.1
>
> Attachments: 7585-2.0.txt
>
>
> cassandra sstableloader connection refused with inter_node_encryption
> When using sstableloader to import tables (Cassandra 2.0.5) with inter-node
> encryption and client encryption enabled, I get a connection refused error.
> I am using:
> sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers
> TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts
> /path/to/truststore -tspw <passwd> $fullpath/$table
> Errors out with
> Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
> WARN 17:13:34,147 Failed attempt 1 to connect to
> A similar problem was reported in Cassandra 2.0.8 by another user:
> http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
> ==================
> Relevant cassandra.yaml snippet (with obfuscation)
> server_encryption_options:
>     internode_encryption: all
>     keystore: /path/to/keystore
>     keystore_password: <passwd>
>     truststore: /path/to/truststore
>     truststore_password: <passwd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>     require_client_auth: true
>
> # enable or disable client/server encryption.
> client_encryption_options:
>     enabled: true
>     keystore: /path/to/keystore
>     keystore_password: <truststorepasswd>
>     #require_client_auth: true
>     # Set truststore and truststore_password if require_client_auth is true
>     truststore: /path/to/truststore
>     truststore_password: <truststorepasswd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>
> ======================
> Note that by setting inter-node encryption to "none" sstableloader works,
> but setting it to "all" fails. My guess is that sstableloader uses 7000
> instead of using the SSL port 7001 for streaming/gossip.