bump. Any ideas? We're seeing the same issue on 2.0 as well.
Thanks!
On Tue, Sep 3, 2013 at 2:20 PM, David Laube d...@stormpath.com wrote:
Hi All,
After enabling encryption on our Cassandra 1.2.8 nodes, we receiving the
error Connection error: TSocket read 0 bytes while attempting to use CQLsh
to talk to the ring. I've followed the docs over at
http://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureCqlshSSL_t.html
but can't seem to figure out why this isn't working. Inter-node
communication seems to be working properly since nodetool status shows our
nodes as up, but the CQLsh client is unable to talk to a single node or any
node in the cluster (specifying the IP in .cqlshrc or on the CLI) for some
reason. I'm providing the applicable config file entries below for review.
Any insight or suggestions would be greatly appreciated! :)
My ~/.cqlshrc file:
[connection]
hostname = 127.0.0.1
port = 9160
factory = cqlshlib.ssl.ssl_transport_factory
[ssl]
certfile = /etc/cassandra/conf/cassandra_client.crt
validate = true ## Optional, true by default.
[certfiles] ## Optional section, overrides the default certfile in the [ssl]
section.
192.168.1.3 = ~/keys/cassandra01.cert
192.168.1.4 = ~/keys/cassandra02.cert
Our cassandra.yaml file config blocks:
…snip…
server_encryption_options:
internode_encryption: all
keystore: /etc/cassandra/conf/.keystore
keystore_password: yeah-right
truststore: /etc/cassandra/conf/.truststore
truststore_password: yeah-right
# More advanced defaults below:
# protocol: TLS
# algorithm: SunX509
# store_type: JKS
# cipher_suites:
[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
# require_client_auth: false
# enable or disable client/server encryption.
client_encryption_options:
enabled: true
keystore: /etc/cassandra/conf/.keystore
keystore_password: yeah-right
# require_client_auth: false
# Set trustore and truststore_password if require_client_auth is true
# truststore: conf/.truststore
# truststore_password: cassandra
# More advanced defaults below:
protocol: TLS
algorithm: SunX509
store_type: JKS
cipher_suites:
[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
…snip...
Thanks,
-David Laube