[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14098550#comment-14098550 ] Marcus Eriksson commented on CASSANDRA-7585: ok, +1 cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0-v2.txt, 7585-2.0.txt, sstableloader-help.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14097146#comment-14097146 ] Yuki Morishita commented on CASSANDRA-7585: --- bq. Could we make it possible to state the server_encryption_options on the command line as well as via the config? The command will look horrible... That's why I added option to load yaml file. I could add 8 more command line options for server encryption but it seems redundant. I'd rather deprecate the current way of setting client encryption options. I think I can highlight this more in help string. Will update with other nits fixed. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14095317#comment-14095317 ] Marcus Eriksson commented on CASSANDRA-7585: Small comments; * Could we make it possible to state the server_encryption_options on the command line as well as via the config? The command will look horrible, but i think it makes it easier for people to script stuff instead of having to ship a .yaml file. * Perhaps highlight in the 'help'-output what the difference is between the two encryption settings * We can remove the 'peer'-parameter in StreamSession.createConnection (we are creating a connection for the session, and session knows the peer already) other than that, +1 cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below:
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089321#comment-14089321 ] Samphel Norden commented on CASSANDRA-7585: --- Thanks for the patch. Any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089358#comment-14089358 ] Jonathan Ellis commented on CASSANDRA-7585: --- 2.0.5 + 7585 would *be* a custom build. You should plan on running the stable release that this is committed to. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089367#comment-14089367 ] Yuki Morishita commented on CASSANDRA-7585: --- I haven't tried yet, but streaming protocol haven't changed in 2.0.5 to 2.0-head, so in theory, you can use latest (or patched) version of sstableloader to your 2.0.5 cassandra cluster. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089369#comment-14089369 ] Samphel Norden commented on CASSANDRA-7585: --- Great. Looking forward to the patch getting into stable release... cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14071696#comment-14071696 ] Yuki Morishita commented on CASSANDRA-7585: --- This is not easy to fix since sstableloader is not topology-aware and server side encyption can be configured for just dc/rack. Possible work around for now is to use JMX bulkload which can be accessed through StorageService MBean and let Cassandra bulkload files. (You have to place your SSTables somewhere in that cassandra node first.) It works the same as sstableloader. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14070463#comment-14070463 ] Samphel Norden commented on CASSANDRA-7585: --- sstableloader always fails with connection refused, if internode encryption is on... The naive explanation (at least to me) is that it is somehow causing some activity on port 7000 between nodes (whether streaming is the reason is unknown) which is not the port on which nodes talk to each other when internode encryption is enabled... As I said above, sstableloader works correctly if only client to server encryption is enabled (that was a bug fixed in 2.0.4 IIRC). I think in both cases it is using the default ports 9160 and 7000. The client encryption part works fine since it also uses the default 9160 port even if client-to-server encryption is enabled.. The problem I think is that sstableloader is using 7000 (for unknown reasons) and the nodes no longer listen on 7000 when we have inter-node encryption enabled. Thats my speculative thinking. Whatever the reason might be, this is a critical bug for us since we have to enable encryption in enterprise deployments and need sstableloader to work for backup restores. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14070481#comment-14070481 ] Brandon Williams commented on CASSANDRA-7585: - bq. Maybe write custom config loader that just use part of cassandra.yaml is the way to go. Couldn't we just add an option to specify the storage port? IIRC, the main reason we had to avoid yaml loading was the static init caused all kinds of other problems. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS