RE: Issue in internode encryption in cassandra

2016-08-03 Thread Bastien DINE
(prabhkau) Objet : Re: Issue in internode encryption in cassandra Hi, Is any one have any hint regarding node to node encryption . Regards, Ashwini Mhatre From: asmhatre <asmha...@cisco.com<mailto:asmha...@cisco.com>> Reply-To: "user@cassandra.apache.org<mailto:user@cassandra

Re: Issue in internode encryption in cassandra

2016-08-03 Thread Ashwini Mhatre (asmhatre)
o:user@cassandra.apache.org>> Date: Monday, 25 July 2016 at 4:15 PM To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>> Subject: Issue in internode encryption in cassandra I am using i

Re: Issue in internode encryption in cassandra

2016-07-25 Thread Nate McCall
> > > I am using internode encryption in cassandra, with self signed CA it works fine. but with other product CA m getting this error "Filtering out TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it isnt supported by the socket” > You've specified ECDHE_

Re: Issue in internode encryption in cassandra

2016-07-25 Thread Eric Stevens
Compare the output to be certain the same ciphers are available everywhere. On Mon, Jul 25, 2016 at 4:45 AM Ashwini Mhatre (asmhatre) < asmha...@cisco.com> wrote: > Hi , > > I am using internode encryption in cassandra, with self signed CA it works > fine. but with other pr

Issue in internode encryption in cassandra

2016-07-25 Thread Ashwini Mhatre (asmhatre)
Hi , I am using internode encryption in cassandra, with self signed CA it works fine. but with other product CA m getting this error "Filtering out TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it isnt supported by the socket” Thank you. Regards, Ashwini Mhatre

Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
the fact nobody will break >>> into the box, and if root is lost - all bets are off, that is fine too. But >>> in this case, what is the point to even have keystore and truststore? >>> >>> Thanks, >>> >>> Oleg >>> >>> On Thu, Jan 14, 2016 at 4:

Encryption in cassandra

2016-01-14 Thread oleg yusim
Greetings, Guys, can you please help me to understand following: I'm reading through the way keystore and truststore are implemented, and it is all fine and great, but at the end Cassandra documentation instructing to extract all the keystore content and leave all certs and keys in a clear. Do

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
will break into the box, and if root is lost - all bets are off, that is fine too. But in this case, what is the point to even have keystore and truststore? Thanks, Oleg On Thu, Jan 14, 2016 at 4:38 PM, Jack Krupansky <jack.krupan...@gmail.com> wrote: > The point of encryption in

Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
ng - no, we are banking on the fact nobody will break > into the box, and if root is lost - all bets are off, that is fine too. But > in this case, what is the point to even have keystore and truststore? > > Thanks, > > Oleg > > On Thu, Jan 14, 2016 at 4:38 PM, Jack Krupansk

Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
The point of encryption in Cassandra is to protect data in flight between the cluster and clients (or between nodes in the cluster.) The presumption is that normal system network access control (e.g., remote login, etc.) will preclude bad actors from directly accessing the file system on a cluster

Re: Encryption in cassandra

2016-01-14 Thread daemeon reiydelle
The keys don't have to be on the box. You do need a logi/password for c*. sent from my mobile Daemeon C.M. Reiydelle USA 415.501.0198 London +44.0.20.8144.9872 On Jan 14, 2016 5:16 PM, "oleg yusim" wrote: > Greetings, > > Guys, can you please help me to understand

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
Daemeon, Can you, please, give me a bit of beef to your idea? I'm not sure I'm fully on board here. Thanks, Oleg On Thu, Jan 14, 2016 at 4:52 PM, daemeon reiydelle wrote: > The keys don't have to be on the box. You do need a logi/password for c*. > > sent from my mobile >

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
gt; Now, if we are saying - no, we are banking on the fact nobody will break >> into the box, and if root is lost - all bets are off, that is fine too. But >> in this case, what is the point to even have keystore and truststore? >> >> Thanks, >> >> Oleg >>

Re: sstableloader does not support client encryption on Cassandra 2.0?

2013-11-19 Thread Tyler Hobbs
I think this is just an oversight; would you mind opening a ticket here? https://issues.apache.org/jira/browse/CASSANDRA On Mon, Nov 18, 2013 at 12:37 PM, David Laube d...@stormpath.com wrote: Hi All, We have been testing backup/restore from one ring to another and we recently stumbled upon

Re: sstableloader does not support client encryption on Cassandra 2.0?

2013-11-19 Thread David Laube
Thank you Tyler. I took your advice and I have opened https://issues.apache.org/jira/browse/CASSANDRA-6378 Best regards, -David Laube On Nov 19, 2013, at 9:51 AM, Tyler Hobbs ty...@datastax.com wrote: I think this is just an oversight; would you mind opening a ticket here?

sstableloader does not support client encryption on Cassandra 2.0?

2013-11-18 Thread David Laube
Hi All, We have been testing backup/restore from one ring to another and we recently stumbled upon an issue with sstableloader. When client_enc_enable: true, the exception below is generated. When client_enc_enable is set to false, the sstableloader is able to get to the point where it is