Hi, All,

I'm trying to enable client-to-node encrypted communication in Cassandra (2.0.7) with the Astyanax client library (version=1.56.48).

I found a link about how to enable this feature:

http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureSSLClientToNode_t.html

But this only says how to set it up on the server side, not the client side.

Here is my configuration on the server side (in yaml):

    client_encryption_options:
        enabled: true
        keystore: full-path-to-keystore-file  #same file used by Cassandra server
        keystore_password: some-password
        truststore: fullpath-to-truststore-file  #same file used by Cassandra server
        truststore_password: some-password
        # More advanced defaults below:
        # protocol: TLS
        # algorithm: SunX509
        # store_type: JKS
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
        require_client_auth: true

http://www.datastax.com/dev/blog/accessing-secure-dse-clusters-with-cql-native-protocol

This link says something about the client side, but not how to do it with the Astyanax client library.

Searching the Astyanax source code, I found the class SSLConnectionContext, which may be useful.

And here is my code snippet:

    AstyanaxContext<Cluster> clusterContext = new AstyanaxContext.Builder()
        .forCluster(clusterName)
        .forKeyspace(keyspaceName)
        .withAstyanaxConfiguration(new AstyanaxConfigurationImpl()
            .setRetryPolicy(new QueryRetryPolicy(10, 1000)))
        .withConnectionPoolConfiguration(new ConnectionPoolConfigurationImpl(_clusterName)
            .setMaxConnsPerHost(1)
            .setAuthenticationCredentials(credentials)
            .setSSLConnectionContext(sslContext)
            .setSeeds(String.format("%1$s:%2$d", uri.getHost(), uri.getPort()))
        )
        .buildCluster(ThriftFamilyFactory.getInstance());

But when I tried to connect to the Cassandra server, I got the following error:

    Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:161)
        at org.apache.thrift.transport.TFramedTransport.flush(TFramedTransport.java:158)
        at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:65)
        at org.apache.cassandra.thrift.Cassandra$Client.send_login(Cassandra.java:567)
        at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:559)
        at com.netflix.astyanax.thrift.ThriftSyncConnectionFactoryImpl$ThriftConnection.open(ThriftSyncConnectionFactoryImpl.java:203)
        ... 6 more

It looks like my SSL settings are incorrect.

Does anyone know how to resolve this issue?

Thanks

Boying